High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-5318
High
Low
Medium
High
Critical
8.1
CVSS Score
Vulnerability Description
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
H
Integrity
N
Availability
H
Known Affected Software
54 configuration(s) from 2 vendor(s)
libssh
Version:
0.7.4
CPE:
cpe:2.3:a:libssh:libssh:0.7.4:*:*:*:*:*:*:*
libssh
Version:
0.10.2
CPE:
cpe:2.3:a:libssh:libssh:0.10.2:*:*:*:*:*:*:*
libssh
Version:
0.6.2
CPE:
cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*
libssh
Version:
0.8.0
CPE:
cpe:2.3:a:libssh:libssh:0.8.0:*:*:*:*:*:*:*
libssh
Version:
0.5.2
CPE:
cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*
libssh
Version:
0.8.6
CPE:
cpe:2.3:a:libssh:libssh:0.8.6:*:*:*:*:*:*:*
libssh
Version:
0.8.1
CPE:
cpe:2.3:a:libssh:libssh:0.8.1:*:*:*:*:*:*:*
libssh
Version:
0.6.4
CPE:
cpe:2.3:a:libssh:libssh:0.6.4:*:*:*:*:*:*:*
libssh
Version:
0.7.0
CPE:
cpe:2.3:a:libssh:libssh:0.7.0:*:*:*:*:*:*:*
libssh
Version:
0.11.0
CPE:
cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:*
libssh
Version:
0.7.2
CPE:
cpe:2.3:a:libssh:libssh:0.7.2:*:*:*:*:*:*:*
libssh
Version:
0.9.2
CPE:
cpe:2.3:a:libssh:libssh:0.9.2:*:*:*:*:*:*:*
libssh
Version:
0.9.3
CPE:
cpe:2.3:a:libssh:libssh:0.9.3:*:*:*:*:*:*:*
libssh
Version:
0.8.5
CPE:
cpe:2.3:a:libssh:libssh:0.8.5:*:*:*:*:*:*:*
libssh
Version:
0.7.3
CPE:
cpe:2.3:a:libssh:libssh:0.7.3:*:*:*:*:*:*:*
libssh
Version:
0.9.4
CPE:
cpe:2.3:a:libssh:libssh:0.9.4:*:*:*:*:*:*:*
libssh
Version:
0.4.7
CPE:
cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
libssh
Version:
0.9.6
CPE:
cpe:2.3:a:libssh:libssh:0.9.6:*:*:*:*:*:*:*
libssh
Version:
0.8.7
CPE:
cpe:2.3:a:libssh:libssh:0.8.7:*:*:*:*:*:*:*
libssh
Version:
0.5.4
CPE:
cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*
libssh
Version:
0.10.0
CPE:
cpe:2.3:a:libssh:libssh:0.10.0:*:*:*:*:*:*:*
libssh
Version:
0.8.2
CPE:
cpe:2.3:a:libssh:libssh:0.8.2:*:*:*:*:*:*:*
libssh
Version:
0.8.8
CPE:
cpe:2.3:a:libssh:libssh:0.8.8:*:*:*:*:*:*:*
libssh
Version:
0.8.4
CPE:
cpe:2.3:a:libssh:libssh:0.8.4:*:*:*:*:*:*:*
libssh
Version:
0.8.9
CPE:
cpe:2.3:a:libssh:libssh:0.8.9:*:*:*:*:*:*:*
libssh
Version:
0.6.5
CPE:
cpe:2.3:a:libssh:libssh:0.6.5:*:*:*:*:*:*:*
libssh
Version:
0.7.6
CPE:
cpe:2.3:a:libssh:libssh:0.7.6:*:*:*:*:*:*:*
libssh
Version:
0.9.7
CPE:
cpe:2.3:a:libssh:libssh:0.9.7:*:*:*:*:*:*:*
libssh
Version:
0.5.0
CPE:
cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
libssh
Version:
0.6.3
CPE:
cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*
libssh
Version:
0.6.0
CPE:
cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*
libssh
Version:
0.10.1
CPE:
cpe:2.3:a:libssh:libssh:0.10.1:*:*:*:*:*:*:*
libssh
Version:
0.7.7
CPE:
cpe:2.3:a:libssh:libssh:0.7.7:*:*:*:*:*:*:*
libssh
Version:
0.5.3
CPE:
cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*
libssh
Version:
0.10.5
CPE:
cpe:2.3:a:libssh:libssh:0.10.5:*:*:*:*:*:*:*
libssh
Version:
0.4.8
CPE:
cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
libssh
Version:
0.5.5
CPE:
cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*
libssh
Version:
0.9.5
CPE:
cpe:2.3:a:libssh:libssh:0.9.5:*:*:*:*:*:*:*
libssh
Version:
0.9.8
CPE:
cpe:2.3:a:libssh:libssh:0.9.8:*:*:*:*:*:*:*
libssh
Version:
0.5.1
CPE:
cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*
libssh
Version:
0.6.1
CPE:
cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*
libssh
Version:
0.11.1
CPE:
cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:*
libssh
Version:
0.10.4
CPE:
cpe:2.3:a:libssh:libssh:0.10.4:*:*:*:*:*:*:*
libssh
Version:
0.7.1
CPE:
cpe:2.3:a:libssh:libssh:0.7.1:*:*:*:*:*:*:*
libssh
Version:
0.8.3
CPE:
cpe:2.3:a:libssh:libssh:0.8.3:*:*:*:*:*:*:*
libssh
Version:
0.9.0
CPE:
cpe:2.3:a:libssh:libssh:0.9.0:*:*:*:*:*:*:*
libssh
Version:
0.10.6
CPE:
cpe:2.3:a:libssh:libssh:0.10.6:*:*:*:*:*:*:*
libssh
Version:
0.7.5
CPE:
cpe:2.3:a:libssh:libssh:0.7.5:*:*:*:*:*:*:*
libssh
Version:
0.9.1
CPE:
cpe:2.3:a:libssh:libssh:0.9.1:*:*:*:*:*:*:*
libssh
Version:
0.10.3
CPE:
cpe:2.3:a:libssh:libssh:0.10.3:*:*:*:*:*:*:*
enterprise_linux
Version:
8.0
CPE:
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*
enterprise_linux
Version:
10.0
CPE:
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
openshift_container_platform
Version:
4.0
CPE:
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
enterprise_linux
Version:
9.0
CPE:
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
This vulnerability affects 54 software configuration(s). Ensure you patch all affected systems.
Oracle
CPUAPR2026
Oracle Critical Patch Update Advisory - April 2026
Severity
Critical
Released
Apr 21, 2026
Restart Required
Security Update
Oracle
CPUJAN2026
Oracle Critical Patch Update Advisory - January 2026
Severity
Critical
Released
Jan 20, 2026
Restart Required
Security Update
Oracle
CPUOCT2025
Oracle Critical Patch Update Advisory - October 2025
Severity
Critical
Released
Oct 21, 2025
Restart Required
Security Update
Microsoft
2025-Jul-CVE-2025-5318
CVE-2025-5318: None
Severity
Unknown
Released
Sep 17, 2025
Security Update
Microsoft
2025-Jun-CVE-2025-5318
CVE-2025-5318: Libssh: out-of-bounds read in sftp_handle()
Severity
Unknown
Released
Sep 04, 2025
Security Update
SUSE
CVE-2025-5318
CVE-2025-5318
Severity
Unknown
Released
Jul 12, 2025
Security Update
References & Resources
-
https://access.redhat.com/errata/RHSA-2025:18231secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:18275secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:18286secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:19012secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:19098secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:19101secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2025:19295secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19300secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19313secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19400secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19401secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19470secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19472secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19807secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:19864secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:20943secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:21013secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:21329secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:21829secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:22275secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:23078secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:23079secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2025:23080secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2026:0326secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2026:1541secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2026:3461secalert@redhat.com
-
https://access.redhat.com/errata/RHSA-2026:3462secalert@redhat.com
-
https://access.redhat.com/security/cve/CVE-2025-5318secalert@redhat.com Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2369131secalert@redhat.com Issue Tracking Third Party Advisory
-
https://www.libssh.org/security/advisories/CVE-2025-5318.txtsecalert@redhat.com Vendor Advisory
Severity Details
8.1
out of 10.0
High
Weakness Type (CWE)
CWE-125
Top 25 #11
Out-of-bounds Read
- Description
- The product reads data past the end, or before the beginning, of the intended buffer.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- June 24, 2025
