CVE-2025-14821: Uncontrolled Search Path Element in Red Hat Red Hat Hardened Images
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.
AI Analysis
Technical Summary
This vulnerability arises from libssh automatically loading configuration files from the C:\etc directory on Windows systems, which can be created or modified by unprivileged local users. This uncontrolled search path element enables local attackers to manipulate SSH connections by performing man-in-the-middle attacks, security downgrades, and trusted host information tampering. The issue affects Red Hat Hardened Images but no specific affected versions are listed. The CVSS 3.1 vector indicates local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows local attackers to compromise SSH communications by intercepting or downgrading connections and altering trusted host data, which can lead to significant breaches of confidentiality, integrity, and availability of SSH sessions on affected Windows systems using Red Hat Hardened Images with libssh. No known exploits in the wild have been reported to date.
Mitigation Recommendations
The vendor advisory linked does not explicitly state the availability of a patch or workaround for this vulnerability. Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-14821 for current remediation guidance. Until an official fix is available, restrict local user permissions to prevent unauthorized modification of the C:\etc directory and monitor for suspicious local activity related to SSH configuration files.
CVE-2025-14821: Uncontrolled Search Path Element in Red Hat Red Hat Hardened Images
Description
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from libssh automatically loading configuration files from the C:\etc directory on Windows systems, which can be created or modified by unprivileged local users. This uncontrolled search path element enables local attackers to manipulate SSH connections by performing man-in-the-middle attacks, security downgrades, and trusted host information tampering. The issue affects Red Hat Hardened Images but no specific affected versions are listed. The CVSS 3.1 vector indicates local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows local attackers to compromise SSH communications by intercepting or downgrading connections and altering trusted host data, which can lead to significant breaches of confidentiality, integrity, and availability of SSH sessions on affected Windows systems using Red Hat Hardened Images with libssh. No known exploits in the wild have been reported to date.
Mitigation Recommendations
The vendor advisory linked does not explicitly state the availability of a patch or workaround for this vulnerability. Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-14821 for current remediation guidance. Until an official fix is available, restrict local user permissions to prevent unauthorized modification of the C:\etc directory and monitor for suspicious local activity related to SSH configuration files.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-12-17T11:45:32.329Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-14821","vendor":"Red Hat"}]
Threat ID: 69d534e5aaed68159a357db8
Added to database: 4/7/2026, 4:46:29 PM
Last enriched: 5/3/2026, 2:29:23 AM
Last updated: 5/23/2026, 3:44:02 AM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.