CVE-2025-59339: CWE-325: Missing Cryptographic Step in ovh the-bastion
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files may be handled by the provided osh-encrypt-rsync script, a helper that rotates, encrypts, signs, copies, and optionally moves them to remote storage periodically, if configured to. When run, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even when asked to.
AI Analysis
Technical Summary
CVE-2025-59339 is a medium-severity vulnerability affecting versions of OVH's 'the-bastion' prior to 3.22.00. The Bastion provides authentication, authorization, traceability, and auditability for SSH access. It records sessions into ttyrec files and ships a helper script, osh-encrypt-rsync, that rotates, encrypts, signs, copies, and optionally moves these recordings to remote storage. In affected versions the script correctly rotates and encrypts the ttyrec files with the configured GPG keys but silently fails to sign them even when signing is enabled: no error is raised, so operators who configured signing have been producing encrypted-but-unsigned archives without noticing. This is a missing cryptographic step (CWE-325). GPG public-key encryption alone provides confidentiality, not authenticity: anyone holding the recipient's public key, which necessarily lives on the bastion for the script to encrypt with it, can produce a fresh ciphertext, so an unsigned recording can be replaced or forged by anyone able to write to the archive, and decryption will succeed without any indication that the content is not what the bastion originally produced. The CVSS 3.1 score of 4.4 (medium) reflects that exploitation requires local access with high privileges (AV:L/PR:H), no user interaction, and an impact on integrity only, with no confidentiality or availability impact. No exploitation in the wild has been reported. The integrity of audit logs matters for forensic analysis and compliance, but the flaw does not expose recording contents or disrupt service. The issue is confined to the signing step of the recording pipeline and is fixed in 3.22.00; note that upgrading does not retroactively sign recordings produced by earlier versions.
Potential Impact
For European organizations, this vulnerability undermines the trustworthiness of SSH session audit logs managed by the-bastion. Regulated industries such as finance, healthcare, and critical infrastructure rely on accurate, tamper-evident audit trails for compliance with GDPR, the NIS Directive, and other cybersecurity regulations. Without verifiable signatures, malicious activity or insider misuse could go undetected, and incident response and forensic investigations cannot treat the recordings as trustworthy evidence, which risks regulatory penalties, reputational damage, and prolonged unauthorized access. The vulnerability does not directly expose recording contents or cause outages, but the loss of audit integrity weakens the overall security posture and is most relevant in targeted attacks where an attacker with sufficient privileges on the bastion or its archive storage aims to erase or alter traces of their activity. Organizations using the-bastion for SSH access control and session recording should treat recordings produced by affected versions as unsigned, since upgrading does not add signatures to them retroactively.
Mitigation Recommendations
1. Upgrade the-bastion to version 3.22.00 or later, where osh-encrypt-rsync signs as configured, and confirm after the upgrade that newly produced recordings actually carry a valid signature.
2. Treat recordings produced by affected versions as unsigned and apply compensating controls:
   - Verify which archived recordings really carry a signature by decrypting each one with the audit key and checking gpg's GOODSIG/VALIDSIG status, rather than trusting the configuration.
   - Establish a trust anchor for the existing archive now, for example detached signatures or a signed checksum manifest over the current ciphertexts made with an offline key, so that any later modification is at least detectable from that point onward.
   - Restrict write access to the recording archive, the remote storage target, and the osh-encrypt-rsync script to trusted administrators only.
   - Increase monitoring and alerting around SSH access and the recording pipeline to detect suspicious activity.
3. Review and harden the-bastion's configuration, ensuring that encryption and signing options are set and, more importantly, tested end to end rather than assumed to work.
4. Consider additional logging and audit mechanisms that provide independent verification of session integrity.
5. Audit session recording files regularly for unauthorized modifications.
6. Make security teams aware that recordings from affected versions carry no cryptographic proof of authenticity.
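The verification step above, and the silent-failure point made in the Technical Summary, can be scripted. The following POSIX shell script is an added example written for this page; it is not part of the-bastion or of osh-encrypt-rsync. It assumes that recordings end in .gpg and that GNUPGHOME holds the decryption key plus the expected signing public key; the sample status lines used for the self-check are constructed. Because "gpg -se" places the signature inside the encrypted container, "gpg --list-packets" on the outer file cannot reveal whether a signature exists, so the check has to decrypt and read gpg's machine-readable status lines.

```shell
#!/bin/sh
# Added example for this page, not code from the-bastion or osh-encrypt-rsync.
# Audits a directory of GPG-encrypted ttyrec recordings and reports which ones
# carry no OpenPGP signature (the CVE-2025-59339 symptom).
#
# Assumptions (ours, not the advisory's): recordings end in .gpg, GNUPGHOME
# contains the decryption key, and the expected signing key is in the keyring.
#
# Why decrypt at all: with "gpg -se" the signature sits inside the encrypted
# container, so "gpg --list-packets" on the outer file only shows PKESK and
# encrypted-data packets. Only after decryption does gpg emit NEWSIG/GOODSIG/
# VALIDSIG status lines, which is what we classify here.

set -u

# classify_status STATUS_TEXT
# Takes the text gpg wrote to --status-fd and prints one verdict:
#   signed   : GOODSIG or VALIDSIG present (signature present and verified)
#   badsig   : a signature is present but did not verify (BADSIG/ERRSIG/...)
#   unsigned : decryption succeeded but there is no signature at all
#   error    : decryption did not succeed (wrong key, corrupt file, ...)
classify_status() {
    _st="$1"
    if printf '%s\n' "$_st" | grep -Eq '^\[GNUPG:] (GOODSIG|VALIDSIG) '; then
        echo signed
    elif printf '%s\n' "$_st" | grep -Eq '^\[GNUPG:] (BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG) '; then
        echo badsig
    elif printf '%s\n' "$_st" | grep -Eq '^\[GNUPG:] DECRYPTION_OKAY'; then
        echo unsigned
    else
        echo error
    fi
}

# check_file FILE
# Decrypts FILE to /dev/null (we only want the status lines, never the
# plaintext on disk) and prints "<verdict><TAB><file>".
check_file() {
    _f="$1"
    # --status-fd 1 sends machine-readable lines to stdout; human output is dropped.
    _out=$(gpg --batch --quiet --status-fd 1 --output /dev/null --decrypt -- "$_f" 2>/dev/null) || true
    printf '%s\t%s\n' "$(classify_status "$_out")" "$_f"
}

# audit_dir DIR
# Prints one line per .gpg file; exit status 1 if any file is not "signed".
audit_dir() {
    _dir="$1"
    _rc=0
    for _f in "$_dir"/*.gpg; do
        [ -e "$_f" ] || continue
        _line=$(check_file "$_f")
        printf '%s\n' "$_line"
        case "$_line" in
            signed*) ;;
            *) _rc=1 ;;
        esac
    done
    return "$_rc"
}

# Usage: ./audit_recordings.sh /path/to/ttyrec-archive   (directory layout is an assumption)
if [ "${1:-}" != "" ]; then
    audit_dir "$1"
fi
```

Run it against the archive produced by an affected version and every file will come back "unsigned" even though the configuration asked for signatures; after the upgrade to 3.22.00, new recordings should come back "signed". A "badsig" verdict deserves immediate attention, since it means a signature exists but does not match the content or the expected key.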
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-12T12:36:24.635Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68cafbd7631213ff423d83fc
Added to database: 9/17/2025, 6:20:07 PM
Last enriched: 9/17/2025, 6:20:26 PM
Last updated: 9/17/2025, 6:20:45 PM