CVE-2025-5318

7.1 HIGH
Published: June 24, 2025 Modified: January 08, 2026

Description

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is then used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
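Added illustration of the bug class described above; this is constructed code, not libssh's sftp_handle, and the table size, names and 4-byte handle encoding are assumptions. It models a handle-table lookup whose comparison is off by one beside the corrected check, with a self-check that shows the boundary index being rejected only by the corrected version.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed illustration of the bug class in the description above; not
 * libssh code, and all names are made up. The server keeps open handles in a
 * fixed table and gives the client an opaque 4-byte handle that encodes the
 * slot index, which must be validated before it is used as an array index. */
#define HANDLE_SLOTS 16

struct handle_table { void *slots[HANDLE_SLOTS]; };

/* Big-endian decode of the client-supplied handle; -1 on bad length. */
static int decode_handle(const uint8_t *h, size_t len, uint32_t *idx)
{
    if (h == NULL || len != 4) return -1;
    *idx = ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16) |
           ((uint32_t)h[2] << 8) | (uint32_t)h[3];
    return 0;
}

/* The faulty comparison: '>' admits idx == HANDLE_SLOTS, one element past the
 * array. Only the decision is modelled; the OOB read itself is never done. */
int faulty_check_admits(uint32_t idx)
{
    return !(idx > HANDLE_SLOTS);
}

/* Corrected lookup: '>=' confines idx to 0..HANDLE_SLOTS-1, so the pointer
 * returned always comes from inside the table (or is NULL). */
void *lookup_handle(const struct handle_table *t, const uint8_t *h, size_t len)
{
    uint32_t idx;
    if (decode_handle(h, len, &idx) != 0 || idx >= HANDLE_SLOTS) return NULL;
    return t->slots[idx];
}

/* Self-check: a valid handle resolves, the boundary index and a malformed
 * handle are rejected, and the faulty check would have admitted the boundary. */
int boundary_selfcheck(void)
{
    static int file_ctx;                          /* stands in for an open file */
    struct handle_table t = {{0}};
    uint8_t h3[4] = {0, 0, 0, 3};                 /* constructed: index 3 */
    uint8_t hend[4] = {0, 0, 0, HANDLE_SLOTS};    /* constructed: index 16 */
    uint8_t bad[2] = {0, 3};                      /* constructed: wrong length */
    t.slots[3] = &file_ctx;
    return lookup_handle(&t, h3, 4) == &file_ctx &&
           lookup_handle(&t, hend, 4) == NULL &&
           lookup_handle(&t, bad, 2) == NULL &&
           faulty_check_admits(HANDLE_SLOTS) && !faulty_check_admits(HANDLE_SLOTS + 1);
}
```

boundary_selfcheck() returns 1 when the corrected check behaves as intended and the faulty one would have let the boundary index through.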


CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

References to Advisories, Solutions, and Tools

- https://access.redhat.com/errata/RHSA-2025:18231 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2025:18275 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2025:18286 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2025:19012 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2025:19098 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2025:19101 (Source: secalert@redhat.com; Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2025-5318 (Source: secalert@redhat.com; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2369131 (Source: secalert@redhat.com; Issue Tracking, Third Party Advisory)
- https://www.libssh.org/security/advisories/CVE-2025-5318.txt (Source: secalert@redhat.com; Vendor Advisory)

26 reference(s) from NVD

Quick Stats

CVSS v3 Score: 7.1 / 10.0
EPSS (Exploit Probability): 0.2% (45th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

libssh, redhat