CVE-2025-5372: Incorrect Calculation in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Because the two libraries interpret return values inconsistently (OpenSSL uses 0 to indicate failure, whereas libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2025-5372 is a medium-severity vulnerability identified in Red Hat Enterprise Linux 10, specifically affecting libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The root cause is an inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, whereas libssh uses 0 to indicate success. This discrepancy can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This undermines the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept, manipulate, or disrupt secure communications. Although the CVSS score is 5.0 (medium), the vulnerability impacts a critical security function—SSH key derivation—and could lead to session compromise if exploited. The vulnerability does not require user interaction but does require low privileges to exploit, and the attack vector is network-based. No known exploits are currently in the wild, and no patches or fixes have been linked yet. The vulnerability affects Red Hat Enterprise Linux 10 installations using libssh linked against OpenSSL versions prior to 3.0, which may be common in some enterprise environments that have not yet upgraded their cryptographic libraries.
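An added illustration of the return-code mismatch described above, showing a flawed wrapper beside a checked one; it is not libssh or OpenSSL source. The names backend_derive, kdf_flawed, kdf_checked and the EX_* codes are hypothetical, the shape of the flawed check is an assumption, and the 0xAA fill is a constructed stand-in for uninitialized memory.

```c
#include <stdio.h>
#include <string.h>

#define EX_OK     0   /* caller-side convention: 0 means success */
#define EX_ERROR -1

/* Hypothetical backend, OpenSSL-style convention: 1 = success, 0 = failure.
 * Toy byte mixing for illustration, not a real KDF. */
static int backend_derive(const unsigned char *s, size_t n,
                          unsigned char *out, size_t len)
{
    if (s == NULL || n == 0)
        return 0;                   /* failure: out is never written */
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)(s[i % n] ^ (unsigned char)i);
    return 1;
}

/* Flawed wrapper: only negative values count as errors, so the backend's
 * 0 (failure) falls through and the caller is told EX_OK. */
int kdf_flawed(const unsigned char *s, size_t n, unsigned char *out, size_t len)
{
    int rc = backend_derive(s, n, out, len);
    return (rc < 0) ? EX_ERROR : EX_OK;
}

/* Checked wrapper: anything but 1 is a failure, and the output is cleared
 * so stale bytes can never be used as key material. */
int kdf_checked(const unsigned char *s, size_t n, unsigned char *out, size_t len)
{
    if (backend_derive(s, n, out, len) == 1)
        return EX_OK;
    memset(out, 0, len);
    return EX_ERROR;
}

int main(void)
{
    unsigned char key[32];
    memset(key, 0xAA, sizeof key);  /* constructed stand-in for uninitialized memory */
    int rc = kdf_flawed(NULL, 0, key, sizeof key);   /* forced derivation failure */
    printf("flawed:  rc=%d key[0]=0x%02X\n", rc, key[0]);
    rc = kdf_checked(NULL, 0, key, sizeof key);
    printf("checked: rc=%d key[0]=0x%02X\n", rc, key[0]);
    return 0;
}
```

In production code the buffer would be cleared with a routine the compiler cannot elide, such as explicit_bzero() or OPENSSL_cleanse(), rather than plain memset().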
Potential Impact
For European organizations, this vulnerability poses a risk to secure remote access and management infrastructure that relies on SSH, a ubiquitous protocol for system administration and automated processes. Compromise of SSH sessions could lead to unauthorized access, data leakage, or disruption of critical services. Industries with high reliance on Linux servers, such as finance, telecommunications, government, and critical infrastructure sectors, may face increased risk. The confidentiality impact is low to moderate due to potential exposure of session keys; integrity and availability impacts are also low to moderate as attackers could manipulate or disrupt SSH sessions. Given the medium CVSS score and the requirement for low privileges but no user interaction, the threat is credible but not trivial to exploit. European organizations using Red Hat Enterprise Linux 10 with older OpenSSL versions should consider this vulnerability seriously, especially those with remote administration practices or automated SSH-based workflows.
Mitigation Recommendations
Organizations should immediately audit their Red Hat Enterprise Linux 10 systems to identify libssh builds linked against OpenSSL versions older than 3.0. Upgrading OpenSSL to version 3.0 or later is critical to resolving the root cause of the inconsistent return value interpretation. If upgrading OpenSSL is not immediately feasible, recompiling or updating libssh to a version that correctly handles OpenSSL return values is recommended. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exploitation risk. Monitoring SSH session anomalies and logs for unusual failures or unexpected behavior may help detect exploitation attempts. Organizations should also stay alert for official patches or advisories from Red Hat and apply them promptly once available. Finally, consider implementing compensating controls such as SSH key rotation and enhanced session encryption policies to mitigate potential exposure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-05-30T11:22:02.534Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686770196f40f0eb729f595d
Added to database: 7/4/2025, 6:09:29 AM
Last enriched: 7/14/2025, 9:33:21 PM
Last updated: 7/14/2025, 9:33:21 PM