VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kagj-gtbn-4ydq

Essentials
Severities (27)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kagj-gtbn-4ydq
Aliases	CVE-2025-5318
Summary	A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Status	Published
Exploitability	0.5
Weighted Severity	4.9
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	5.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5318.json
cvssv3.1	5.4	https://access.redhat.com/security/cve/CVE-2025-5318
ssvc	Track	https://access.redhat.com/security/cve/CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-5318
cvssv3.1	5.4	https://bugzilla.redhat.com/show_bug.cgi?id=2369131
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2369131
cvssv3.1	5.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.4	https://nvd.nist.gov/vuln/detail/CVE-2025-5318
cvssv3.1	5.4	https://www.libssh.org/security/advisories/CVE-2025-5318.txt
ssvc	Track	https://www.libssh.org/security/advisories/CVE-2025-5318.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5318.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-5318
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5318
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1108407		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
cpe:/a:redhat:openshift:4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-5318		https://access.redhat.com/security/cve/CVE-2025-5318
CVE-2025-5318		https://nvd.nist.gov/vuln/detail/CVE-2025-5318
CVE-2025-5318.txt		https://www.libssh.org/security/advisories/CVE-2025-5318.txt
show_bug.cgi?id=2369131		https://bugzilla.redhat.com/show_bug.cgi?id=2369131
USN-7619-1		https://usn.ubuntu.com/7619-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5318.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2025-5318

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-24T14:29:13Z/ Found at https://access.redhat.com/security/cve/CVE-2025-5318

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2369131

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-24T14:29:13Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2369131

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-5318

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://www.libssh.org/security/advisories/CVE-2025-5318.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-24T14:29:13Z/ Found at https://www.libssh.org/security/advisories/CVE-2025-5318.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.14428
EPSS Score	0.00047
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:39:22.950638+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/edge/community.json	37.0.0