CVE-2025-70034
Analyzed Analyzed - Analysis Complete
Inefficient Regex Complexity in mscdex ssh2 v

Publication date: 2026-03-09

Last updated on: 2026-05-06

Assigner: MITRE

Description
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-09
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-03-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70034
EUVD
EUVD-2025-208436
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mscdex ssh2 1.17.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-70034 is a vulnerability found in the mscdex ssh2 library version 1.17.0. It is related to CWE-1333, which concerns Inefficient Regular Expression Complexity. The issue arises because the library uses inefficient regular expressions that can consume excessive system resources when processing specially crafted malicious input.

This excessive resource consumption can lead to a denial of service (DoS) condition, where the system becomes overwhelmed and unable to function properly due to the complex evaluation of the malicious input.

Impact Analysis

The primary impact of this vulnerability is a potential denial of service (DoS) attack. An attacker can exploit the inefficient regular expressions in the mscdex ssh2 library by sending specially crafted input that causes the system to consume excessive resources.

This resource exhaustion can degrade system performance or cause the application or server using the ssh2 library to become unresponsive or crash, disrupting normal operations.

Compliance Impact

I don't know

Detection Guidance

CVE-2025-70034 is caused by inefficient regular expression complexity in the mscdex ssh2 library version 1.17.0, which can lead to excessive resource consumption and potential denial of service when processing specially crafted input.

Detection on your network or system would involve monitoring for unusual resource usage or denial of service symptoms when the vulnerable ssh2 library is in use.

Since the vulnerability is in a specific library version, one practical detection step is to identify if mscdex ssh2 version 1.17.0 is present in your environment.

  • Check installed npm packages for ssh2 version 1.17.0 using: npm list ssh2
  • Monitor system resource usage (CPU, memory) for processes using the ssh2 library, especially under suspicious or heavy SSH traffic.
  • Use network monitoring tools to detect abnormal SSH session behavior or repeated failed connections that might trigger the vulnerability.
Mitigation Strategies

To mitigate CVE-2025-70034, the primary step is to avoid using the vulnerable version 1.17.0 of the mscdex ssh2 library.

If possible, upgrade to a later version of the ssh2 library where this inefficient regular expression complexity issue has been addressed.

If an upgrade is not immediately possible, consider implementing resource limits on processes using the ssh2 library to reduce the impact of potential denial of service.

Additionally, monitor and restrict incoming SSH traffic to trusted sources to reduce exposure to malicious input triggering the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70034. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart