CVE-2025-5372 is a medium-severity vulnerability affecting Red Hat Enterprise Linux 10 systems that use libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The vulnerability arises from inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, while libssh treats 0 as success. This mismatch can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This can compromise the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept or manipulate data or cause session failures. The vulnerability requires network access (AV:N), has a high attack complexity (AC:H), requires low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low (C:L/I:L/A:L). No known exploits are currently reported in the wild. The issue specifically affects libssh versions linked against OpenSSL versions prior to 3.0, which is relevant for Red Hat Enterprise Linux 10 distributions using these library versions. The vulnerability was reserved in May 2025 and published in July 2025, with no patch links currently available, indicating that remediation may still be pending or in progress.

For European organizations, this vulnerability poses a risk to the security of SSH communications, which are widely used for remote administration, secure file transfers, and automated processes. Compromise of SSH session confidentiality and integrity could lead to unauthorized access, data leakage, or manipulation of critical systems. Although the impact is rated low to medium, the vulnerability's presence in a widely deployed enterprise Linux distribution like Red Hat Enterprise Linux 10 means that many organizations could be affected, particularly those relying on older OpenSSL versions. The high attack complexity reduces the likelihood of widespread exploitation, but targeted attacks against critical infrastructure or sensitive environments remain a concern. Disruption of SSH availability could also impact operational continuity. Given the reliance on SSH for secure remote management, this vulnerability could affect sectors such as finance, healthcare, government, and industrial control systems across Europe.

Organizations should first identify systems running Red Hat Enterprise Linux 10 with libssh linked against OpenSSL versions older than 3.0. Immediate mitigation includes upgrading OpenSSL to version 3.0 or later, where the return value semantics are consistent and this vulnerability is resolved. If upgrading OpenSSL is not immediately feasible, consider updating libssh to a version that correctly handles the return values or applying vendor-provided patches once available. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exposure. Monitoring SSH session logs for anomalies and employing intrusion detection systems to detect unusual SSH activity are also recommended. Additionally, organizations should plan for rapid deployment of patches once Red Hat releases official updates addressing this vulnerability. Avoid using vulnerable versions in critical environments until remediation is complete.