Home > Vulnerability Database > CVE-2025-4878

Mend.io Vulnerability Database

CVE-2025-4878

Good to know:

Date: July 22, 2025

In libssh before 0.11.2 the privatekey_from_file() uses an uninitialized variable under certain conditions, such as if the file specified by the filename argument doesn't exist. This causes the code to return an invalid private key. This defect, in turn, might cause signing failure. The bug might also cause a Use-After-Free or corrupt the heap.

Severity Score

3.6

Related Resources (7)

Url: https://access.redhat.com/security/cve/CVE-2025-4878

Url: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2376184

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-4878

Url: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1

Url: https://seclists.org/oss-sec/2025/q2/284

Url: https://www.mend.io/vulnerability-database/CVE-2025-4878

Severity Score

3.6

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version https://git.libssh.org/projects/libssh.git - libssh-0.11.2

Learn More

CVSS v3.1

Base Score:	3.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-4878

Good to know:

Date: July 22, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?