Vulnerability details: VCID-42jz-k5rb-uud3
Vulnerability ID VCID-42jz-k5rb-uud3
Aliases CVE-2025-4878
Summary A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
Status Published
Exploitability 0.5
Weighted Severity 3.2
Risk 1.6
System Score Found at
cvssv3 3.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4878.json
cvssv3.1 3.6 https://access.redhat.com/security/cve/CVE-2025-4878
ssvc Track https://access.redhat.com/security/cve/CVE-2025-4878
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2025-4878
cvssv3.1 3.6 https://bugzilla.redhat.com/show_bug.cgi?id=2376184
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2376184
cvssv3.1 3.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.6 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
ssvc Track https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
cvssv3.1 3.6 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
ssvc Track https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4878.json
https://api.first.org/data/v1/epss?cve=CVE-2025-4878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4878
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1108407 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-4878 https://access.redhat.com/security/cve/CVE-2025-4878
CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878
?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
show_bug.cgi?id=2376184 https://bugzilla.redhat.com/show_bug.cgi?id=2376184
USN-7619-1 https://usn.ubuntu.com/7619-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4878.json
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2025-4878
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:34:47Z/ Found at https://access.redhat.com/security/cve/CVE-2025-4878
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2376184
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:34:47Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2376184
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:34:47Z/ Found at https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:34:47Z/ Found at https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
Exploit Prediction Scoring System (EPSS)
Percentile 0.01462
EPSS Score 0.00013
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:55:24.020055+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7619-1/ 37.0.0