Key Derivation Flaw in libssh with OpenSSL Leading to Cryptographic Risks
CVE-2025-5372

5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-5372?

A critical issue has been identified in libssh versions that incorporate OpenSSL versions earlier than 3.0. The vulnerability resides in the ssh_kdf() function, which is responsible for deriving cryptographic keys. There is a disparity in how return values are interpreted between OpenSSL and libssh; OpenSSL uses a return value of 0 to indicate failure, whereas libssh treats 0 as a success. This erroneous interpretation can lead to successful completion of key derivation even when it actually fails, ultimately resulting in the use of uninitialized cryptographic key buffers in further SSH communications. Such exploitation can jeopardize the confidentiality, integrity, and availability of SSH sessions.

References

https://access.redhat.com/security/cve/CVE-2025-5372

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2369388

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
May 30, 2025

Red Hat

What is CVE-2025-5372?

References

CVSS V3.1

Timeline