Skip to main content

CVE-2025-5372: Incorrect Calculation in Red Hat Red Hat Enterprise Linux 10

Medium
VulnerabilityCVE-2025-5372cvecve-2025-5372
Published: Fri Jul 04 2025 (07/04/2025, 06:01:27 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

AI-Powered Analysis

AILast updated: 07/14/2025, 21:33:21 UTC

Technical Analysis

CVE-2025-5372 is a medium-severity vulnerability identified in Red Hat Enterprise Linux 10, specifically affecting libssh versions built with OpenSSL versions older than 3.0. The flaw resides in the ssh_kdf() function, which is responsible for key derivation during SSH session establishment. The root cause is an inconsistent interpretation of return values between OpenSSL and libssh: OpenSSL signals failure with a return value of 0, whereas libssh uses 0 to indicate success. This discrepancy can cause ssh_kdf() to incorrectly report success even when key derivation fails. As a result, uninitialized cryptographic key buffers may be used in subsequent SSH communications. This undermines the confidentiality, integrity, and availability of SSH sessions, potentially allowing attackers to intercept, manipulate, or disrupt secure communications. Although the CVSS score is 5.0 (medium), the vulnerability impacts a critical security function—SSH key derivation—and could lead to session compromise if exploited. The vulnerability does not require user interaction but does require low privileges to exploit, and the attack vector is network-based. No known exploits are currently in the wild, and no patches or fixes have been linked yet. The vulnerability affects Red Hat Enterprise Linux 10 installations using libssh linked against OpenSSL versions prior to 3.0, which may be common in some enterprise environments that have not yet upgraded their cryptographic libraries.

Potential Impact

For European organizations, this vulnerability poses a risk to secure remote access and management infrastructure that relies on SSH, a ubiquitous protocol for system administration and automated processes. Compromise of SSH sessions could lead to unauthorized access, data leakage, or disruption of critical services. Industries with high reliance on Linux servers, such as finance, telecommunications, government, and critical infrastructure sectors, may face increased risk. The confidentiality impact is low to moderate due to potential exposure of session keys; integrity and availability impacts are also low to moderate as attackers could manipulate or disrupt SSH sessions. Given the medium CVSS score and the requirement for low privileges but no user interaction, the threat is credible but not trivial to exploit. European organizations using Red Hat Enterprise Linux 10 with older OpenSSL versions should consider this vulnerability seriously, especially those with remote administration practices or automated SSH-based workflows.

Mitigation Recommendations

Organizations should immediately audit their Red Hat Enterprise Linux 10 systems to identify libssh builds linked against OpenSSL versions older than 3.0. Upgrading OpenSSL to version 3.0 or later is critical to resolving the root cause of the inconsistent return value interpretation. If upgrading OpenSSL is not immediately feasible, recompiling or updating libssh to a version that correctly handles OpenSSL return values is recommended. Network-level controls such as restricting SSH access to trusted IP ranges and enforcing multi-factor authentication can reduce exploitation risk. Monitoring SSH session anomalies and logs for unusual failures or unexpected behavior may help detect exploitation attempts. Organizations should also stay alert for official patches or advisories from Red Hat and apply them promptly once available. Finally, consider implementing compensating controls such as SSH key rotation and enhanced session encryption policies to mitigate potential exposure.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
redhat
Date Reserved
2025-05-30T11:22:02.534Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686770196f40f0eb729f595d

Added to database: 7/4/2025, 6:09:29 AM

Last enriched: 7/14/2025, 9:33:21 PM

Last updated: 7/14/2025, 9:33:21 PM

Views: 14

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats