CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5372
https://bugzilla.redhat.com/show_bug.cgi?id=2369388

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en las versiones de libssh compiladas con versiones de OpenSSL anteriores a la 3.0, específicamente en la función ssh_kdf(), responsable de la derivación de claves. Debido a la interpretación inconsistente de los valores de retorno, donde OpenSSL usa 0 para indicar un fallo y libssh usa 0 para éxito, la función puede devolver erróneamente un estado de éxito incluso cuando la derivación de claves falla. Esto provoca que se utilicen búferes de claves criptográficas sin inicializar en comunicaciones posteriores, lo que podría comprometer la confidencialidad, integridad y disponibilidad de las sesiones SSH.

04 Jul 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-04 06:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-5372

Mitre link : CVE-2025-5372

CVE.ORG link : CVE-2025-5372

JSON object : View

Products Affected

No product.

CWE

CWE-682

Incorrect Calculation

5.0 /10