Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-u5ts-n3fz-nud9
Vulnerability ID VCID-u5ts-n3fz-nud9
Aliases CVE-2025-5372
Summary libssh: Incorrect Return Code Handling in ssh_kdf() in libssh
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-682 Incorrect Calculation
System Score Found at
cvssv3.1 5 https://access.redhat.com/errata/RHSA-2025:21977
ssvc Track https://access.redhat.com/errata/RHSA-2025:21977
cvssv3.1 5 https://access.redhat.com/errata/RHSA-2025:23024
ssvc Track https://access.redhat.com/errata/RHSA-2025:23024
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5372.json
cvssv3.1 5 https://access.redhat.com/security/cve/CVE-2025-5372
ssvc Track https://access.redhat.com/security/cve/CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2025-5372
cvssv3.1 5 https://bugzilla.redhat.com/show_bug.cgi?id=2369388
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2369388
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5372.json
https://api.first.org/data/v1/epss?cve=CVE-2025-5372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5372
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1108407 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
2369388 https://bugzilla.redhat.com/show_bug.cgi?id=2369388
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:rhel_e4s:9.0::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:rhel_e4s:9.0::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
CVE-2025-5372 https://access.redhat.com/security/cve/CVE-2025-5372
RHSA-2025:21977 https://access.redhat.com/errata/RHSA-2025:21977
RHSA-2025:23024 https://access.redhat.com/errata/RHSA-2025:23024
USN-7619-1 https://usn.ubuntu.com/7619-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2025:21977
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:08:57Z/ Found at https://access.redhat.com/errata/RHSA-2025:21977
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2025:23024
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:08:57Z/ Found at https://access.redhat.com/errata/RHSA-2025:23024
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5372.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-5372
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:08:57Z/ Found at https://access.redhat.com/security/cve/CVE-2025-5372
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2369388
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:08:57Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2369388
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.27897
EPSS Score 0.00101
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:39:06.427245+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5372.json 38.0.0