
CVE-2025-5372: Incorrect Calculation in Red Hat Enterprise Linux 10

Severity: Medium
Published: Fri Jul 04 2025 (07/04/2025, 06:01:27 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

AI-Powered Analysis

Last updated: 07/04/2025, 06:24:34 UTC

Technical Analysis

CVE-2025-5372 is a medium-severity vulnerability affecting Red Hat Enterprise Linux 10 systems that use libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The vulnerability arises from inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, while libssh treats 0 as success. This mismatch can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This can compromise the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept or manipulate data or cause session failures. The vulnerability requires network access (AV:N), has a high attack complexity (AC:H), requires low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low (C:L/I:L/A:L). No known exploits are currently reported in the wild. The issue specifically affects libssh versions linked against OpenSSL versions prior to 3.0, which is relevant for Red Hat Enterprise Linux 10 distributions using these library versions. The vulnerability was reserved in May 2025 and published in July 2025, with no patch links currently available, indicating that remediation may still be pending or in progress.
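The return-value mismatch described above, reduced to a self-contained C illustration. This is an added example, not libssh or OpenSSL source: `mock_kdf_derive`, `derive_key_flawed`, `derive_key_checked` and `failed_derivation_status` are hypothetical names, and the mock primitive only imitates the 1 = success, 0 = failure convention.

```c
#include <string.h>

#define SSH_OK     0   /* caller's convention: 0 = success */
#define SSH_ERROR -1

/* Constructed stand-in for a KDF primitive that returns 1 on success and
 * 0 on failure. It fails on an empty secret and leaves `out` untouched. */
static int mock_kdf_derive(const unsigned char *secret, size_t secret_len,
                           unsigned char *out, size_t out_len)
{
    if (secret == NULL || secret_len == 0)
        return 0;
    for (size_t i = 0; i < out_len; i++)
        out[i] = (unsigned char)(secret[i % secret_len] ^ (0x5c + i));
    return 1;
}

/* Flawed pattern: only negative codes count as errors, so the primitive's
 * 0 (failure) reaches the caller as SSH_OK with `key` never written. */
int derive_key_flawed(const unsigned char *s, size_t n,
                      unsigned char *key, size_t key_len)
{
    int rc = mock_kdf_derive(s, n, key, key_len);
    return (rc < 0) ? SSH_ERROR : SSH_OK;
}

/* Hardened pattern: translate the convention explicitly and clear the
 * buffer so a failed derivation leaves no stale bytes to be used as a key. */
int derive_key_checked(const unsigned char *s, size_t n,
                       unsigned char *key, size_t key_len)
{
    if (mock_kdf_derive(s, n, key, key_len) != 1) {
        memset(key, 0, key_len);
        return SSH_ERROR;
    }
    return SSH_OK;
}

/* Forces a failing derivation (empty secret) and returns the status the
 * chosen wrapper reports; 0xAA stands in for uninitialized memory. */
int failed_derivation_status(int hardened)
{
    unsigned char key[32];
    memset(key, 0xAA, sizeof key);
    return hardened ? derive_key_checked(NULL, 0, key, sizeof key)
                    : derive_key_flawed(NULL, 0, key, sizeof key);
}

/* Exit status 0 when the hardened wrapper reports the failure. */
int main(void) { return failed_derivation_status(1) == SSH_ERROR ? 0 : 1; }
```

In production code the wipe on the failure path should use a routine the compiler cannot optimize away, such as `explicit_bzero()` or `OPENSSL_cleanse()`.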

Potential Impact

For European organizations, this vulnerability poses a risk to the security of SSH communications, which are widely used for remote administration, secure file transfers, and automated processes. Compromise of SSH session confidentiality and integrity could lead to unauthorized access, data leakage, or manipulation of critical systems. Although the impact is rated low to medium, the vulnerability's presence in a widely deployed enterprise Linux distribution like Red Hat Enterprise Linux 10 means that many organizations could be affected, particularly those relying on older OpenSSL versions. The high attack complexity reduces the likelihood of widespread exploitation, but targeted attacks against critical infrastructure or sensitive environments remain a concern. Disruption of SSH availability could also impact operational continuity. Given the reliance on SSH for secure remote management, this vulnerability could affect sectors such as finance, healthcare, government, and industrial control systems across Europe.

Mitigation Recommendations

Organizations should first identify systems running Red Hat Enterprise Linux 10 with libssh linked against OpenSSL versions older than 3.0. Immediate mitigation includes upgrading OpenSSL to version 3.0 or later, where the return value semantics are consistent and this vulnerability is resolved. If upgrading OpenSSL is not immediately feasible, consider updating libssh to a version that correctly handles the return values or applying vendor-provided patches once available. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exposure. Monitoring SSH session logs for anomalies and employing intrusion detection systems to detect unusual SSH activity are also recommended. Additionally, organizations should plan for rapid deployment of patches once Red Hat releases official updates addressing this vulnerability. Avoid using vulnerable versions in critical environments until remediation is complete.


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2025-05-30T11:22:02.534Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686770196f40f0eb729f595d

Added to database: 7/4/2025, 6:09:29 AM

Last enriched: 7/4/2025, 6:24:34 AM

Last updated: 7/4/2025, 6:24:34 AM
