Uninitialized Variable Vulnerability in libssh Impacting Multiple Products
CVE-2025-4878

3.6LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-4878?

An uninitialized variable issue has been identified in the libssh library, specifically within the privatekey_from_file() function. This vulnerability can occur when a non-existent file is specified, which may lead to signing failures and could potentially result in heap corruption. Attackers taking advantage of this flaw may disrupt expected software operations, opening pathways for further exploitation.

References

https://access.redhat.com/security/cve/CVE-2025-4878

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2376184

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
May 16, 2025

Red Hat

What is CVE-2025-4878?

References

CVSS V3.1

Timeline