CVE-2025-5372: Incorrect Calculation in Red Hat Enterprise Linux 8
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2025-5372 is a vulnerability identified in the ssh_kdf() function within libssh versions compiled with OpenSSL versions prior to 3.0, specifically impacting Red Hat Enterprise Linux 8. The ssh_kdf() function is responsible for deriving cryptographic keys used in SSH sessions. The root cause is a mismatch in the interpretation of return values: OpenSSL signals failure with a return value of 0, whereas libssh treats 0 as success. This inconsistency can cause ssh_kdf() to incorrectly report successful key derivation even when it has failed, resulting in the use of uninitialized cryptographic key buffers in subsequent SSH communications. The consequence is that SSH sessions may be established with weak or invalid keys, undermining the confidentiality, integrity, and availability of the data transmitted. The vulnerability requires network access (AV:N), has a high attack complexity (AC:H), requires low privileges (PR:L), and does not require user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low for each (C:L/I:L/A:L), leading to an overall CVSS 3.1 base score of 5.0 (medium severity). No known exploits have been reported in the wild, but the flaw poses a risk to any system using the affected libssh and OpenSSL versions. The vulnerability is particularly relevant for environments where SSH is heavily used for secure remote access and automation, such as enterprise servers and cloud infrastructure running Red Hat Enterprise Linux 8.
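The return-value mismatch described above, reduced to a small added example (not libssh or OpenSSL code). The function names, the APP_OK/APP_ERROR constants and the toy derive routine are hypothetical stand-ins; the 0xAA fill is a constructed substitute for uninitialized memory.

```c
#include <stdio.h>
#include <string.h>
#define APP_OK     0    /* caller convention: 0 = success */
#define APP_ERROR (-1)

/* Hypothetical stand-in for a crypto-library derive call that returns
 * 1 on success and 0 on failure. Toy mixing only, not a real KDF. */
static int lib_kdf_derive(const unsigned char *secret, size_t secret_len,
                          unsigned char *out, size_t out_len)
{
    if (secret == NULL || secret_len == 0)
        return 0;                         /* failure: out is left untouched */
    for (size_t i = 0; i < out_len; i++)
        out[i] = (unsigned char)(secret[i % secret_len] ^ i);
    return 1;
}

/* Flawed: only negative values count as errors, so the library's 0
 * (failure) falls through and is reported as APP_OK. */
int derive_key_flawed(const unsigned char *secret, size_t secret_len,
                      unsigned char *out, size_t out_len)
{
    int rc = lib_kdf_derive(secret, secret_len, out, out_len);
    return (rc < 0) ? APP_ERROR : APP_OK;
}

/* Checked: anything other than the documented success value is an error;
 * the buffer is cleared so stale memory is never used as key material. */
int derive_key_checked(const unsigned char *secret, size_t secret_len,
                       unsigned char *out, size_t out_len)
{
    if (lib_kdf_derive(secret, secret_len, out, out_len) != 1) {
        memset(out, 0, out_len);
        return APP_ERROR;
    }
    return APP_OK;
}

int main(void)
{
    unsigned char key[16];
    memset(key, 0xAA, sizeof key);        /* constructed stand-in for stale memory */
    int rc = derive_key_flawed((const unsigned char *)"", 0, key, sizeof key);
    printf("flawed:  rc=%d key[0]=0x%02X\n", rc, key[0]);
    rc = derive_key_checked((const unsigned char *)"", 0, key, sizeof key);
    printf("checked: rc=%d key[0]=0x%02X\n", rc, key[0]);
    return 0;
}
```

When reviewing wrappers around a library with a different success convention, compare against the documented success value rather than testing only for negative results.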
Potential Impact
For European organizations, this vulnerability could lead to compromised SSH sessions, risking unauthorized data disclosure, session hijacking, or denial of service due to corrupted cryptographic keys. This is especially critical for sectors relying on secure remote access, such as finance, government, healthcare, and critical infrastructure. The use of uninitialized key buffers could allow attackers to decrypt or tamper with SSH traffic, undermining trust in secure communications. Given the medium severity and the requirement for network access with low privileges, attackers with internal network access or compromised low-privilege accounts could exploit this flaw to escalate their access or intercept sensitive data. The impact on availability, while lower, could disrupt automated processes relying on SSH. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.
Mitigation Recommendations
European organizations should prioritize upgrading OpenSSL to version 3.0 or later to ensure consistent return value semantics with libssh. If upgrading OpenSSL is not immediately feasible, applying patches or updates to libssh that correctly handle the return values from OpenSSL is essential. Organizations should audit their Red Hat Enterprise Linux 8 systems to identify those running vulnerable libssh and OpenSSL versions. Network segmentation and strict access controls can limit exposure by restricting SSH access to trusted hosts and users. Monitoring SSH session logs for anomalies and implementing intrusion detection systems capable of identifying unusual SSH behavior can help detect exploitation attempts. Additionally, organizations should enforce multi-factor authentication for SSH access to reduce the risk of unauthorized use. Regularly reviewing and updating cryptographic libraries and dependencies as part of patch management processes will help prevent similar issues.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-05-30T11:22:02.534Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686770196f40f0eb729f595d
Added to database: 7/4/2025, 6:09:29 AM
Last enriched: 12/10/2025, 8:13:08 PM
Last updated: 1/7/2026, 8:54:33 AM