Vulnerability DatabaseCVE-2025-5318
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-5318
June 24, 2025
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Affected Packages
https://git.libssh.org/projects/libssh.git (SCM_GIT):
Affected version(s) >=libssh-0.5.1 <libssh-0.11.2
Fix Suggestion:
Update to version libssh-0.11.2
Related ResourcesĀ (30)
https://access.redhat.com/errata/RHSA-2025:19012
https://access.redhat.com/errata/RHSA-2025:21013
https://access.redhat.com/errata/RHSA-2025:18275
https://access.redhat.com/errata/RHSA-2025:19313
https://access.redhat.com/errata/RHSA-2025:19401
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
https://access.redhat.com/errata/RHSA-2025:22275
https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2025:19300
https://access.redhat.com/errata/RHSA-2025:19101
https://access.redhat.com/errata/RHSA-2026:0326
https://access.redhat.com/errata/RHSA-2025:19098
https://access.redhat.com/errata/RHSA-2025:21829
https://access.redhat.com/security/cve/CVE-2025-5318
https://www.libssh.org/security/advisories/CVE-2025-5318.txt
https://access.redhat.com/errata/RHSA-2026:1541
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:19400
https://access.redhat.com/errata/RHSA-2025:21329
https://access.redhat.com/errata/RHSA-2025:19295
https://access.redhat.com/errata/RHSA-2025:19807
https://access.redhat.com/errata/RHSA-2025:19470
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2025:20943
https://access.redhat.com/errata/RHSA-2025:19472
https://access.redhat.com/errata/RHSA-2025:18231
https://access.redhat.com/errata/RHSA-2025:19864
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:18286
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.08