
OpenSSL CVE-2025-5987

EUVD-2025-20227 | Severity: HIGH
Return of Wrong Status Code (CWE-393)
Published 2025-07-07 (secalert@redhat.com)
CVSS 3.1 base score: 8.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Patch released / patch available: Mar 31, 2026 - 21:13 (nvd)
EUVD ID assigned (EUVD-2025-20227): Mar 16, 2026 - 03:37 (euvd)
Analysis generated: Mar 16, 2026 - 03:37 (vuln.today)
CVE published: Jul 07, 2025 - 15:15 (nvd)

Description (NVD)

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
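The status-code aliasing the description refers to can be shown without any cipher code. This is an added illustration of the CWE-393 pattern, not libssh's or OpenSSL's own code: it assumes OpenSSL's EVP convention (1 = success, 0 = failure), libssh-style SSH_OK = 0 and SSH_ERROR = -1, and a caller that treats a negative return as failure; the failing OpenSSL call is a constructed stand-in.

```c
#include <stdio.h>

/* libssh-style status codes (assumed values). SSH_OK is 0, which is exactly
 * what OpenSSL's EVP_*Init_ex() functions return on failure. */
#define SSH_OK     0
#define SSH_ERROR (-1)

/* Constructed stand-in for an OpenSSL EVP_*Init_ex() call: returns 1 on
 * success and 0 on failure, mirroring the real OpenSSL convention.
 * 'heap_exhausted' simulates the allocation failure the advisory describes. */
static int evp_init_stub(int heap_exhausted)
{
    return heap_exhausted ? 0 : 1;
}

/* Vulnerable pattern (CWE-393): the OpenSSL status is passed through as if it
 * were a libssh status. On failure it returns 0, which callers read as SSH_OK. */
int cipher_init_vulnerable(int heap_exhausted)
{
    int rc = evp_init_stub(heap_exhausted);
    return rc; /* 0 on failure == SSH_OK: the error is silently lost */
}

/* Hardened pattern: compare against OpenSSL's own success value and translate
 * explicitly into the libssh status space before returning. */
int cipher_init_fixed(int heap_exhausted)
{
    int rc = evp_init_stub(heap_exhausted);
    if (rc != 1) {
        return SSH_ERROR;
    }
    return SSH_OK;
}

/* Illustrative caller: anything negative is an error, everything else is
 * treated as success. Returns 1 if the caller would go on to use the context. */
int caller_proceeds(int (*init)(int), int heap_exhausted)
{
    int rc = init(heap_exhausted);
    return (rc < 0) ? 0 : 1;
}

int main(void)
{
    /* Vulnerable path proceeds with a partially initialised context; fixed path does not. */
    printf("vulnerable, heap exhausted -> proceeds: %d\n", caller_proceeds(cipher_init_vulnerable, 1));
    printf("fixed,      heap exhausted -> proceeds: %d\n", caller_proceeds(cipher_init_fixed, 1));
    return 0;
}
```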

Analysis (AI)

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.

Technical Context (AI)

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Return of Wrong Status Code (CWE-393).

Remediation (AI)

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Vendor Status (Vendor)

Ubuntu (priority: Medium), package libssh

Release    Status        Version
noble      released      0.10.6-2ubuntu0.1
oracular   released      0.10.6-3ubuntu1.1
plucky     released      0.11.1-1ubuntu0.1
upstream   released      0.11.2
bionic     not-affected  (code not present)
focal      not-affected  (code not present)
jammy      not-affected  (code not present)
xenial     not-affected  (code not present)

Debian (Bug #1108407), package libssh

Release               Status        Fixed Version      Urgency
bullseye              not-affected  -                  -
bullseye (security)   fixed         0.9.8-0+deb11u2    -
bookworm              fixed         0.10.6-0+deb12u2   -
bookworm (security)   vulnerable    0.10.6-0+deb12u1   -
trixie                fixed         0.11.2-1+deb13u1   -
forky                 fixed         0.11.3-1           -
sid                   fixed         0.12.0-1           -
(unstable)            fixed         0.11.2-1           -
