Uninitialized Variable Vulnerability in libssh Impacting Multiple Products
CVE-2025-4878

3.6LOW

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
22 July 2025

What is CVE-2025-4878?

An uninitialized variable issue has been identified in the libssh library, specifically within the privatekey_from_file() function. This vulnerability can occur when a non-existent file is specified, which may lead to signing failures and could potentially result in heap corruption. Attackers taking advantage of this flaw may disrupt expected software operations, opening pathways for further exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2025-4878
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2376184
issue-trackingx_refsource_REDHAT
https://git.libssh.org/projects/libssh.git/commit/?id=697...

CVSS V3.1

Score:
3.6
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.