CVE-2025-54804: CWE-190: Integer Overflow or Wraparound in Eugeny russh

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-54804, cwe-190
Published: Tue Aug 05 2025 (08/05/2025, 00:05:20 UTC)
Source: CVE Database V5
Vendor/Project: Eugeny
Product: russh

Description

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in an integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.

AI-Powered Analysis

Last updated: 08/05/2025, 01:04:32 UTC

Technical Analysis

CVE-2025-54804 is a medium severity vulnerability affecting the Eugeny russh library, a Rust-based SSH client and server implementation. The flaw exists in versions 0.54.0 and earlier, specifically in the handling of the SSH channel window adjust message. This message is used to communicate the available space in the receive buffer of the opposite channel endpoint. The russh implementation adds the value from this message to an internal state variable that tracks free buffer space. However, this addition can cause an integer overflow or wraparound due to insufficient bounds checking. When compiled with Rust's overflow checks enabled, this overflow triggers a panic, causing the russh server process to crash. This effectively allows a malicious SSH client to perform a denial-of-service (DoS) attack by sending crafted channel window adjust messages that exploit the integer overflow. The vulnerability does not impact confidentiality or integrity but affects availability by crashing the server. It requires the attacker to have at least some level of authenticated access (PR:L) and does not require user interaction (UI:N). The vulnerability is fixed in russh version 0.54.1. No known exploits are reported in the wild as of now. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and no impact on confidentiality or integrity but high impact on availability.
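The arithmetic described above, as an added example that is not russh's code and does not reproduce its fix: it parses the RFC 4254 channel window adjust message (type 93, a uint32 channel, a uint32 increment) and contrasts a wrapping addition with a checked one that returns an error the caller can handle by closing the channel. All function and type names are hypothetical, and the sample message and starting window are constructed.

```rust
// Added illustration; not code from russh. All names are hypothetical.
const SSH_MSG_CHANNEL_WINDOW_ADJUST: u8 = 93; // RFC 4254, section 5.2

#[derive(Debug, PartialEq)]
enum AdjustError { Malformed, WindowOverflow }

/// Parse `byte 93 | uint32 recipient channel | uint32 bytes to add`.
fn parse_window_adjust(msg: &[u8]) -> Result<(u32, u32), AdjustError> {
    if msg.len() != 9 || msg[0] != SSH_MSG_CHANNEL_WINDOW_ADJUST {
        return Err(AdjustError::Malformed);
    }
    let channel = u32::from_be_bytes([msg[1], msg[2], msg[3], msg[4]]);
    let add = u32::from_be_bytes([msg[5], msg[6], msg[7], msg[8]]);
    Ok((channel, add))
}

/// Models a plain `window + add` built without overflow checks: the sum
/// wraps modulo 2^32. With overflow checks on, the same `+` panics instead.
fn adjust_unchecked_model(window: u32, add: u32) -> u32 {
    window.wrapping_add(add)
}

/// Hardened form: a peer-supplied increment that would push the window past
/// u32::MAX becomes an error value instead of a wrap or a panic.
fn adjust_checked(window: u32, add: u32) -> Result<u32, AdjustError> {
    window.checked_add(add).ok_or(AdjustError::WindowOverflow)
}

/// Constructed test input for the functions above.
fn sample_adjust(channel: u32, add: u32) -> Vec<u8> {
    let mut m = vec![SSH_MSG_CHANNEL_WINDOW_ADJUST];
    m.extend_from_slice(&channel.to_be_bytes());
    m.extend_from_slice(&add.to_be_bytes());
    m
}

fn main() {
    let window: u32 = 2 * 1024 * 1024; // constructed starting window
    let msg = sample_adjust(0, u32::MAX);
    let (_, add) = parse_window_adjust(&msg).unwrap();
    println!("wrapping model: {}", adjust_unchecked_model(window, add));
    println!("checked:        {:?}", adjust_checked(window, add));
}
```

The checked variant leaves the decision to the caller, so one misbehaving channel can be closed without taking down the server process.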

Potential Impact

For European organizations, the primary impact of CVE-2025-54804 is the risk of denial-of-service attacks against SSH servers or clients using the vulnerable russh library. Since SSH is widely used for secure remote administration, disruption of SSH services can lead to operational downtime, loss of remote management capabilities, and potential delays in incident response or system maintenance. This can affect critical infrastructure, enterprise IT environments, and cloud services relying on russh for SSH connectivity. Although the vulnerability does not allow unauthorized data access or code execution, the availability impact can be significant in environments where SSH access is essential for business continuity. Organizations in sectors such as finance, telecommunications, government, and managed service providers in Europe could face operational risks if their systems incorporate vulnerable russh versions. The lack of known exploits reduces immediate risk, but the ease of triggering the overflow with authenticated access means that insider threats or compromised credentials could be leveraged to cause service disruption.

Mitigation Recommendations

European organizations should immediately audit their software inventories to identify any use of the russh library, particularly versions below 0.54.1. Systems using vulnerable versions must be upgraded to russh 0.54.1 or later to apply the fix for the integer overflow. Where upgrading is not immediately feasible, organizations should implement network-level controls to restrict SSH access to trusted clients and monitor SSH session behavior for anomalous channel window adjust messages. Enforcing strict authentication and access controls reduces the risk of exploitation since the vulnerability requires at least some level of authenticated access. Additionally, enabling Rust overflow checks during development and testing phases can help detect similar issues early. Logging and alerting on SSH server crashes or panics can provide early warning of attempted exploitation. Finally, organizations should incorporate this vulnerability into their incident response plans to quickly remediate any DoS events caused by this flaw.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-29T16:50:28.395Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689154aead5a09ad00e467fb

Added to database: 8/5/2025, 12:47:42 AM

Last enriched: 8/5/2025, 1:04:32 AM

Last updated: 9/16/2025, 12:07:50 PM
