Key Derivation Flaw in libssh with OpenSSL Leading to Cryptographic Risks
CVE-2025-5372

5 MEDIUM

What is CVE-2025-5372?

A critical issue has been identified in libssh builds that use OpenSSL versions earlier than 3.0. The vulnerability resides in the ssh_kdf() function, which is responsible for deriving cryptographic keys. OpenSSL and libssh interpret return values differently: OpenSSL uses a return value of 0 to indicate failure, whereas libssh treats 0 as success. Because of this mismatch, key derivation can be reported as successful even when it has actually failed, so uninitialized cryptographic key buffers are used in subsequent SSH communications. This can jeopardize the confidentiality, integrity, and availability of SSH sessions.
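A simplified model of the return-value mismatch described above, as an added example; it is not libssh or OpenSSL code. All names (`backend_derive`, `kdf_flawed`, `kdf_checked`, `key_untouched`, `MODEL_OK`) are hypothetical, the backend is a toy stand-in that only mimics the 1 = success / 0 = failure convention, and a 0xAA filler stands in for uninitialized memory.

```c
#include <stdio.h>
#include <string.h>
#define MODEL_OK     0    /* caller-side convention: 0 means success */
#define MODEL_ERROR -1

/* Hypothetical backend with the OpenSSL-style convention: 1 = success,
 * 0 = failure. An empty secret is the constructed failure trigger. */
static int backend_derive(const unsigned char *s, size_t slen, unsigned char *out, size_t olen)
{
    if (s == NULL || slen == 0)
        return 0;                       /* failure: out is never written */
    for (size_t i = 0; i < olen; i++)   /* toy mixing, not a real KDF */
        out[i] = (unsigned char)(s[i % slen] ^ (0x5c + i));
    return 1;
}

/* Flawed: only negative values count as errors, so the backend's 0 passes. */
int kdf_flawed(const unsigned char *s, size_t slen, unsigned char *out, size_t olen)
{
    int rc = backend_derive(s, slen, out, olen);
    return rc < 0 ? MODEL_ERROR : MODEL_OK;
}

/* Hardened: anything other than 1 is a failure, and the output is wiped. */
int kdf_checked(const unsigned char *s, size_t slen, unsigned char *out, size_t olen)
{
    if (backend_derive(s, slen, out, olen) != 1) {
        memset(out, 0, olen);
        return MODEL_ERROR;
    }
    return MODEL_OK;
}

/* Returns 1 if buf still holds the 0xAA filler standing in for stale memory. */
int key_untouched(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    unsigned char key[16];
    memset(key, 0xAA, sizeof key);      /* constructed "uninitialized" buffer */
    int rc = kdf_flawed(NULL, 0, key, sizeof key);
    printf("flawed rc=%d, key untouched=%d\n", rc, key_untouched(key, sizeof key));
    return kdf_checked(NULL, 0, key, sizeof key) == MODEL_ERROR ? 0 : 1;
}
```

The flawed wrapper reports success while the key buffer still holds whatever was in memory; the checked wrapper fails closed, so the caller can abort the key exchange instead of continuing with that buffer.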

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
