Vulnerability Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. The two libraries use opposite return-value conventions: OpenSSL returns 0 to indicate failure, while libssh uses 0 (SSH_OK) to indicate success. Because ssh_kdf() propagated the OpenSSL status without translating it, a failed key derivation could be reported to the caller as success. The caller then proceeds with key buffers that were never written, so the session keys are uninitialized memory, potentially compromising the confidentiality, integrity, and availability of the SSH session. Builds of libssh linked against OpenSSL 3.0 or later are not described as affected; exposure therefore depends on both the libssh version and the OpenSSL version it was built against.
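The following C program is an added illustration of the return-value mismatch described above; it is not code from libssh or OpenSSL. The KDF is a toy stand-in (`toy_openssl_kdf`, an assumed name) that only copies OpenSSL's calling convention of returning 1 on success and 0 on failure, so the example runs without linking OpenSSL. `ssh_kdf_vulnerable` and `ssh_kdf_fixed` are hypothetical wrappers that show the bug pattern and the boundary translation a correct wrapper performs; the SSH_OK and SSH_ERROR values are libssh's real status codes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* libssh status codes (real values used by libssh). */
#define SSH_OK     0
#define SSH_ERROR -1

/* Stand-in for an OpenSSL 1.1-era KDF call. It follows OpenSSL's
 * convention (1 = success, 0 = failure) but derives bytes with a toy
 * pattern; it is NOT a real KDF and exists only so the example runs
 * offline. Like the real call, it fails before writing any output
 * when it has nothing to derive from. */
static int toy_openssl_kdf(const uint8_t *secret, size_t secret_len,
                           uint8_t *out, size_t out_len)
{
    if (secret == NULL || secret_len == 0 || out == NULL || out_len == 0)
        return 0;                                  /* OpenSSL: failure */
    for (size_t i = 0; i < out_len; i++)
        out[i] = (uint8_t)(secret[i % secret_len] ^ (uint8_t)i);
    return 1;                                      /* OpenSSL: success */
}

/* Vulnerable pattern: success is mapped to SSH_OK, but on failure the
 * OpenSSL status (0) is handed back unchanged. Since SSH_OK is also 0,
 * the caller cannot tell the failure from success. */
int ssh_kdf_vulnerable(const uint8_t *secret, size_t secret_len,
                       uint8_t *key, size_t key_len)
{
    int rc = toy_openssl_kdf(secret, secret_len, key, key_len);
    if (rc == 1)
        return SSH_OK;
    return rc;   /* BUG: rc == 0 here, which the caller reads as SSH_OK */
}

/* Fixed pattern: translate the convention at the boundary so every
 * non-success result becomes SSH_ERROR. */
int ssh_kdf_fixed(const uint8_t *secret, size_t secret_len,
                  uint8_t *key, size_t key_len)
{
    int rc = toy_openssl_kdf(secret, secret_len, key, key_len);
    if (rc != 1)
        return SSH_ERROR;
    return SSH_OK;
}

/* A caller written the libssh way: go on to use `key` only on SSH_OK.
 * Returns 1 if the caller would proceed, 0 if it bails out. */
static int caller_uses_key(int (*kdf)(const uint8_t *, size_t, uint8_t *, size_t),
                           const uint8_t *secret, size_t secret_len,
                           uint8_t *key, size_t key_len)
{
    return kdf(secret, secret_len, key, key_len) == SSH_OK;
}

/* Returns 1 if every byte still holds the 0xAA sentinel, i.e. the KDF
 * never wrote the buffer. */
static int buffer_untouched(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0xAA)
            return 0;
    return 1;
}

/* Constructed failing input: an empty shared secret makes the toy KDF fail.
 * Returns 1 when the vulnerable wrapper lets the caller proceed with a
 * buffer the KDF never wrote while the fixed wrapper makes it stop. */
int demo_failure_path(void)
{
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);
    int vuln_proceeds  = caller_uses_key(ssh_kdf_vulnerable, NULL, 0, key, sizeof key);
    int vuln_untouched = buffer_untouched(key, sizeof key);
    memset(key, 0xAA, sizeof key);
    int fixed_proceeds = caller_uses_key(ssh_kdf_fixed, NULL, 0, key, sizeof key);
    return vuln_proceeds && vuln_untouched && !fixed_proceeds;
}

/* Small probes so the raw status codes can be checked directly. */
int rc_vulnerable_on_failure(void) { uint8_t k[16]; return ssh_kdf_vulnerable(NULL, 0, k, sizeof k); }
int rc_fixed_on_failure(void)      { uint8_t k[16]; return ssh_kdf_fixed(NULL, 0, k, sizeof k); }
int rc_fixed_on_success(void)
{
    const uint8_t secret[] = "constructed-shared-secret";   /* constructed input */
    uint8_t k[16];
    return ssh_kdf_fixed(secret, sizeof secret - 1, k, sizeof k);
}

int main(void)
{
    printf("failure path reproduces the bug: %s\n", demo_failure_path() ? "yes" : "no");
    printf("vulnerable rc on failure = %d (SSH_OK is %d)\n", rc_vulnerable_on_failure(), SSH_OK);
    printf("fixed rc on failure      = %d (SSH_ERROR is %d)\n", rc_fixed_on_failure(), SSH_ERROR);
    return 0;
}
```

The sentinel fill is only there to make the untouched buffer observable; in a real build the caller would read whatever the stack or heap held, which is the uninitialized-key condition the description refers to, and a MemorySanitizer or Valgrind run over the affected code path is the practical way to catch it. When assessing exposure, check both the libssh version (fixed in 0.11.2) and which OpenSSL the library was actually linked against, since only builds on OpenSSL older than 3.0 are described as affected.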
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libssh | libssh | < 0.11.2 |
| Red Hat | OpenShift Container Platform | 4.0 |
| Red Hat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:21977
- https://access.redhat.com/errata/RHSA-2025:23024
- https://access.redhat.com/security/cve/CVE-2025-5372 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2369388 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2025-5372?
CVE-2025-5372 is a vulnerability with a CVSS score of 5.0 (MEDIUM) in libssh versions before 0.11.2 when built with OpenSSL versions older than 3.0. The ssh_kdf() key-derivation function propagated OpenSSL's return value without translating it, and because OpenSSL uses 0 for failure while libssh uses 0 for success, a failed derivation could be reported as success, leaving uninitialized key buffers in use for the session.
How severe is CVE-2025-5372?
CVE-2025-5372 has been rated MEDIUM with a CVSS base score of 5.0/10. This page lists only the base score; the vendor advisories in the references give the full metric breakdown.
Is there a patch for CVE-2025-5372?
Yes. The affected range is libssh versions before 0.11.2, so 0.11.2 and later contain the fix; rebuilding against OpenSSL 3.0 or later also takes the affected code path out of use. Red Hat ships fixes in RHSA-2025:21977 and RHSA-2025:23024 (see the references above). Affected products listed here: libssh, Red Hat OpenShift Container Platform, and Red Hat Enterprise Linux.