CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Description (NVD)
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
Analysis (AI)
CVE-2025-5318 is an out-of-bounds read in libssh versions before 0.11.2. An incorrect comparison check in the sftp_handle function lets an authenticated remote attacker reference an entry beyond the valid handle list, so the function reads past the list and returns an invalid pointer that is then used in further processing. The result is exposure of memory contents or a denial of service; the CVSS 3.1 base score of 8.1 (high) reflects network reachability and low attack complexity, with the only barrier being that the attacker must already hold valid low-privilege SSH credentials (PR:L). Confidentiality and availability impact are rated high; integrity is not affected.
Technical Context (AI)
libssh is a multipurpose SSH library used to implement the SSH protocol in both client and server applications. The vulnerability is in the SFTP (SSH File Transfer Protocol) subsystem, specifically in the sftp_handle function, which resolves a client-supplied opaque handle to an entry in the session's handle list. The root cause is classified under CWE-125 (Out-of-bounds Read): the comparison that is supposed to keep the decoded index inside the handle list is wrong, so an index just past the end of the list passes the check. An authenticated user with valid SSH credentials can therefore send SFTP requests carrying a handle that was never issued, causing the function to read past the end of the handle list and return an invalid pointer that downstream operations then use. Whether this leaks data or crashes the process depends on what memory happens to follow the list in that build. The affected CPE scope is libssh:libssh versions < 0.11.2 on every platform where the library is deployed (Windows, Linux, macOS, embedded systems).
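The class of check described above, as an added example that is not libssh's code: a model of a per-session handle table with the incorrect (pre-fix) comparison and the corrected comparison side by side, plus a lookup that validates the client-supplied handle before touching the table. The constant SFTP_HANDLES, the struct layout, the 4-byte host-byte-order handle encoding and every function name here are assumptions made for illustration; the page does not reproduce the actual libssh source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the per-session handle table (illustrative, not libssh's value). */
#define SFTP_HANDLES 256

/* Model of a session: valid slots are 0 .. SFTP_HANDLES-1. The field that
 * follows the array is what an index equal to SFTP_HANDLES would read. */
struct sftp_session_model {
    void *handles[SFTP_HANDLES];
    uint32_t field_after_table;
};

/* Decode the 4-byte opaque handle a client sent into a slot index
 * (host byte order is an assumption of this model). Returns 0 if malformed. */
int decode_handle(const uint8_t *blob, size_t len, uint32_t *idx_out)
{
    if (blob == NULL || idx_out == NULL || len != sizeof(uint32_t)) {
        return 0;
    }
    memcpy(idx_out, blob, sizeof(uint32_t));
    return 1;
}

/* Incorrect comparison: accepts idx == SFTP_HANDLES, one slot past the end,
 * so handles[idx] would be an out-of-bounds read. */
int index_ok_vulnerable(uint32_t idx)
{
    return idx > SFTP_HANDLES ? 0 : 1;
}

/* Corrected comparison: only 0 .. SFTP_HANDLES-1 are accepted. */
int index_ok_fixed(uint32_t idx)
{
    return idx >= SFTP_HANDLES ? 0 : 1;
}

/* Safe lookup: reject malformed blobs and out-of-range indices before the
 * table is touched, so the caller gets NULL or the contents of a real slot. */
void *lookup_handle(const struct sftp_session_model *s, const uint8_t *blob, size_t len)
{
    uint32_t idx;
    if (s == NULL || !decode_handle(blob, len, &idx) || !index_ok_fixed(idx)) {
        return NULL;
    }
    return s->handles[idx];
}

/* Build the blob a client would send for a given slot (input helper). */
void encode_handle(uint32_t idx, uint8_t out[4])
{
    memcpy(out, &idx, sizeof(idx));
}

/* Returns 1 when the pre-fix check accepts the one-past-the-end index that
 * the fixed check rejects: the whole bug reduced to one predicate. */
int off_by_one_present(void)
{
    return index_ok_vulnerable(SFTP_HANDLES) && !index_ok_fixed(SFTP_HANDLES);
}

int main(void)
{
    static struct sftp_session_model s; /* zero-initialised: every slot NULL */
    static int file_obj;                /* stands in for a server-side file object */
    uint8_t blob[4];

    s.handles[3] = &file_obj;

    encode_handle(3, blob);
    printf("slot 3 resolves: %s\n",
           lookup_handle(&s, blob, sizeof(blob)) == &file_obj ? "yes" : "no");

    encode_handle(SFTP_HANDLES, blob);
    printf("index %u: pre-fix check %s, fixed check %s\n", (unsigned)SFTP_HANDLES,
           index_ok_vulnerable(SFTP_HANDLES) ? "accepts" : "rejects",
           index_ok_fixed(SFTP_HANDLES) ? "accepts" : "rejects");
    printf("fixed lookup returns %s\n",
           lookup_handle(&s, blob, sizeof(blob)) == NULL ? "NULL" : "a pointer");
    return 0;
}
```

The point of the model is that the client fully controls the index: the handle is an opaque blob the server handed out earlier, but nothing stops a client from sending one it was never given. The only defence is the range check, and a single wrong operator turns the last index into a read of whatever follows the table.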
Remediation (AI)
Immediate actions:
(1) Upgrade libssh to version 0.11.2 or later from https://www.libssh.org/, or install the distribution package listed under Vendor Status. Distributions backport the fix, so an Ubuntu or Debian package whose version number is below 0.11.2 can still be fixed; compare against the fixed version in the vendor table, not against the upstream number.
(2) Identify every application and appliance that links libssh (for example `ldd <binary> | grep libssh`, or the reverse dependencies of the libssh package), update them, and restart the affected services: a running process keeps the old library mapped until it is restarted. Note that libssh2 (used by libgit2 and curl) is a separate project and is not affected by this CVE, and OpenSSH does not use libssh at all.
(3) Where the libssh-based SFTP server logs its operations, review those logs for requests that use handles the server never issued, or bursts of failed handle lookups from one session. Plain SSH access logs do not record SFTP handle values.
Temporary mitigations pending patching:
(a) Restrict access to the libssh-based SSH/SFTP service to trusted IP ranges with host or network firewall rules. The OpenSSH ListenAddress directive only selects the local addresses sshd binds to; it does not filter client addresses, and OpenSSH is not the affected component.
(b) Use public key authentication only and disable password authentication, so that a stolen password cannot give an attacker the authenticated position this flaw requires.
(c) Monitor SFTP connections for anomalous patterns using network IDS/IPS or application-level audit logging.
(d) Run libssh-dependent services as a dedicated unprivileged user, so that leaked memory or a crash is confined to that service.
Patch verification: `ssh -V` reports the OpenSSH client version and says nothing about libssh. Instead query the package manager (`dpkg -s libssh-4` on Debian/Ubuntu, `rpm -q libssh` on RHEL-family systems, `apk info libssh` on Alpine) or `pkg-config --modversion libssh` for a locally built library, compare the result against the fixed version for that source, confirm the services have been restarted, and run regression tests on SFTP operations to ensure functionality.
Vendor patch status: the libssh project has released 0.11.2 as the official remediation; downstream vendors (Debian, Ubuntu, RHEL, Alpine, etc.) release updates through their respective security channels.
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| jammy | released | 0.9.6-2ubuntu0.22.04.4 |
| upstream | released | 0.11.2 |
| noble | released | 0.10.6-2ubuntu0.1 |
| oracular | released | 0.10.6-3ubuntu1.1 |
| plucky | released | 0.11.1-1ubuntu0.1 |
| bionic | released | 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4 |
| focal | released | 0.9.3-2ubuntu2.5+esm1 |
| xenial | released | 0.6.3-4.3ubuntu0.6+esm2 |
Debian
Bug #1108407

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.9.8-0+deb11u2 | - |
| bullseye (security) | fixed | 0.9.8-0+deb11u2 | - |
| bookworm | fixed | 0.10.6-0+deb12u2 | - |
| bookworm (security) | vulnerable | 0.10.6-0+deb12u1 | - |
| trixie | fixed | 0.11.2-1+deb13u1 | - |
| forky | fixed | 0.11.3-1 | - |
| sid | fixed | 0.12.0-1 | - |
| (unstable) | fixed | 0.11.2-1 | - |
External POC / Exploit Code
EUVD-2025-23900