Home > Vulnerability Database > CVE-2025-5318

Mend.io Vulnerability Database

CVE-2025-5318

Good to know:

Date: June 24, 2025

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Severity Score

5.4

Related Resources (11)

Url: https://access.redhat.com/security/cve/CVE-2025-5318

Url: https://www.libssh.org/security/advisories/CVE-2025-5318.txt

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2369131

Url: https://access.redhat.com/errata/RHSA-2025:18231

Url: https://access.redhat.com/errata/RHSA-2025:18275

Url: https://access.redhat.com/errata/RHSA-2025:18286

Url: https://access.redhat.com/errata/RHSA-2025:19012

Url: https://access.redhat.com/errata/RHSA-2025:19101

Url: https://access.redhat.com/errata/RHSA-2025:19098

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-5318

Url: https://www.mend.io/vulnerability-database/CVE-2025-5318

Severity Score

5.4

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version https://git.libssh.org/projects/libssh.git - libssh-0.11.2

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-5318

Good to know:

Date: June 24, 2025

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?