CVE-2025-5372 is a vulnerability identified in the libssh library used within Red Hat Enterprise Linux 10 distributions that are built with OpenSSL versions older than 3.0. The vulnerability stems from the ssh_kdf() function, which is responsible for deriving cryptographic keys during SSH session establishment. The root cause is a mismatch in the interpretation of return values between OpenSSL and libssh: OpenSSL uses 0 to indicate failure, whereas libssh uses 0 to indicate success. Due to this inconsistency, ssh_kdf() may incorrectly report a successful key derivation even when the underlying OpenSSL call fails. This results in uninitialized or invalid cryptographic key buffers being used in subsequent SSH communications. The use of uninitialized keys can lead to compromised confidentiality, as attackers might decrypt or manipulate SSH traffic; integrity, as data could be tampered with undetected; and availability, if SSH sessions become unstable or fail. The vulnerability requires network access to the SSH service and low privileges, but no user interaction is needed. The CVSS v3.1 base score is 5.0 (medium), reflecting the moderate impact and exploitation complexity. No known exploits have been reported in the wild as of the publication date. The flaw affects Red Hat Enterprise Linux 10 systems using libssh linked against OpenSSL versions prior to 3.0, which is common in many enterprise environments. The vulnerability highlights the importance of consistent error handling across cryptographic libraries and their consumers.

For European organizations, the impact of CVE-2025-5372 can be significant, particularly for those relying heavily on Red Hat Enterprise Linux 10 in their server infrastructure and SSH for secure remote management. The vulnerability undermines the core security guarantees of SSH sessions—confidentiality, integrity, and availability—potentially allowing attackers to intercept or alter sensitive communications or disrupt access to critical systems. This could lead to unauthorized data disclosure, manipulation of commands or data, and denial of service conditions. Sectors such as finance, government, telecommunications, and critical infrastructure that depend on secure SSH access are at heightened risk. The medium severity score indicates that while exploitation is not trivial, the consequences of successful exploitation could disrupt business operations and compromise sensitive information. The absence of known exploits provides a window for proactive mitigation, but organizations should not delay remediation given the fundamental nature of the flaw in cryptographic key handling.

To mitigate CVE-2025-5372, European organizations should take the following specific actions: 1) Identify all Red Hat Enterprise Linux 10 systems using libssh built with OpenSSL versions older than 3.0 by auditing package versions and build configurations. 2) Upgrade OpenSSL to version 3.0 or later, which resolves the return value inconsistency and prevents the vulnerability. 3) Apply any official patches or updates released by Red Hat addressing this vulnerability as soon as they become available. 4) Where immediate patching is not possible, restrict SSH access to trusted networks and implement network-level controls such as firewalls and intrusion detection systems to monitor for anomalous SSH activity. 5) Conduct thorough testing of SSH key derivation and session establishment processes to detect any abnormal behavior or failures. 6) Educate system administrators about the vulnerability and the importance of verifying cryptographic library versions and their compatibility. 7) Consider deploying additional SSH security measures such as multi-factor authentication and session logging to detect potential exploitation attempts. 8) Maintain up-to-date inventory and vulnerability management processes to quickly identify and remediate similar cryptographic issues in the future.