CVE-2025-58181

Medium

Low Medium High Critical

5.3

CVSS Score

Published: Nov 19, 2025

Last Modified: Dec 11, 2025

Vulnerability Description

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Available Security Patches

2 patches available from vendors

View All Patches

Canonical (Ubuntu)

USN-7956-1

USN-7956-1: Google Guest Agent vulnerability

Severity

Unknown

Released

Jan 13, 2026

Security Update

View Details Vendor Page

SUSE

CVE-2025-58181

Severity

Unknown

Released

Dec 23, 2025

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

5.3

out of 10.0

Medium

Key Information

Published Date: November 19, 2025

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

CVE-2025-58181

Vulnerability Description

CVSS Metrics

Available Security Patches

USN-7956-1

CVE-2025-58181

References & Resources

Severity Details

Key Information

External Resources