CVE-2025-5372: Incorrect Calculation in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2025-5372 is a medium-severity vulnerability affecting Red Hat Enterprise Linux 10 systems that use libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The vulnerability arises from inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, while libssh treats 0 as success. This mismatch can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This can compromise the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept or manipulate data or cause session failures. The vulnerability requires network access (AV:N), has a high attack complexity (AC:H), requires low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low (C:L/I:L/A:L). No known exploits are currently reported in the wild. The issue specifically affects libssh versions linked against OpenSSL versions prior to 3.0, which is relevant for Red Hat Enterprise Linux 10 distributions using these library versions. The vulnerability was reserved in May 2025 and published in July 2025, with no patch links currently available, indicating that remediation may still be pending or in progress.
Potential Impact
For European organizations, this vulnerability poses a risk to the security of SSH communications, which are widely used for remote administration, secure file transfers, and automated processes. Compromise of SSH session confidentiality and integrity could lead to unauthorized access, data leakage, or manipulation of critical systems. Although the impact is rated low to medium, the vulnerability's presence in a widely deployed enterprise Linux distribution like Red Hat Enterprise Linux 10 means that many organizations could be affected, particularly those relying on older OpenSSL versions. The high attack complexity reduces the likelihood of widespread exploitation, but targeted attacks against critical infrastructure or sensitive environments remain a concern. Disruption of SSH availability could also impact operational continuity. Given the reliance on SSH for secure remote management, this vulnerability could affect sectors such as finance, healthcare, government, and industrial control systems across Europe.
Mitigation Recommendations
Organizations should first identify systems running Red Hat Enterprise Linux 10 with libssh linked against OpenSSL versions older than 3.0. Immediate mitigation includes upgrading OpenSSL to version 3.0 or later, where the return value semantics are consistent and this vulnerability is resolved. If upgrading OpenSSL is not immediately feasible, consider updating libssh to a version that correctly handles the return values or applying vendor-provided patches once available. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exposure. Monitoring SSH session logs for anomalies and employing intrusion detection systems to detect unusual SSH activity are also recommended. Additionally, organizations should plan for rapid deployment of patches once Red Hat releases official updates addressing this vulnerability. Avoid using vulnerable versions in critical environments until remediation is complete.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
CVE-2025-5372: Incorrect Calculation in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
AI-Powered Analysis
Technical Analysis
CVE-2025-5372 is a medium-severity vulnerability affecting Red Hat Enterprise Linux 10 systems that use libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The vulnerability arises from inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, while libssh treats 0 as success. This mismatch can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This can compromise the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept or manipulate data or cause session failures. The vulnerability requires network access (AV:N), has a high attack complexity (AC:H), requires low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is low (C:L/I:L/A:L). No known exploits are currently reported in the wild. The issue specifically affects libssh versions linked against OpenSSL versions prior to 3.0, which is relevant for Red Hat Enterprise Linux 10 distributions using these library versions. The vulnerability was reserved in May 2025 and published in July 2025, with no patch links currently available, indicating that remediation may still be pending or in progress.
Potential Impact
For European organizations, this vulnerability poses a risk to the security of SSH communications, which are widely used for remote administration, secure file transfers, and automated processes. Compromise of SSH session confidentiality and integrity could lead to unauthorized access, data leakage, or manipulation of critical systems. Although the impact is rated low to medium, the vulnerability's presence in a widely deployed enterprise Linux distribution like Red Hat Enterprise Linux 10 means that many organizations could be affected, particularly those relying on older OpenSSL versions. The high attack complexity reduces the likelihood of widespread exploitation, but targeted attacks against critical infrastructure or sensitive environments remain a concern. Disruption of SSH availability could also impact operational continuity. Given the reliance on SSH for secure remote management, this vulnerability could affect sectors such as finance, healthcare, government, and industrial control systems across Europe.
Mitigation Recommendations
Organizations should first identify systems running Red Hat Enterprise Linux 10 with libssh linked against OpenSSL versions older than 3.0. Immediate mitigation includes upgrading OpenSSL to version 3.0 or later, where the return value semantics are consistent and this vulnerability is resolved. If upgrading OpenSSL is not immediately feasible, consider updating libssh to a version that correctly handles the return values or applying vendor-provided patches once available. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exposure. Monitoring SSH session logs for anomalies and employing intrusion detection systems to detect unusual SSH activity are also recommended. Additionally, organizations should plan for rapid deployment of patches once Red Hat releases official updates addressing this vulnerability. Avoid using vulnerable versions in critical environments until remediation is complete.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-05-30T11:22:02.534Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686770196f40f0eb729f595d
Added to database: 7/4/2025, 6:09:29 AM
Last enriched: 7/4/2025, 6:24:34 AM
Last updated: 7/4/2025, 6:24:34 AM
Views: 2
Related Threats
CVE-2025-6944: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in undsgn Uncode Core
MediumCVE-2025-7053: Cross Site Scripting in Cockpit
MediumCVE-2025-7046: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dotrex Portfolio for Elementor & Image Gallery | PowerFolio
MediumCVE-2025-6814: CWE-862 Missing Authorization in dunskii Booking X – Appointment and Reservation Availability Calendar
HighCVE-2025-6787: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ibachal Smart Docs
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.