CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE ID : CVE-2025-5372

Published : July 4, 2025, 6:15 a.m. | 43 minutes ago

Description : A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions’ confidentiality, integrity, and availability.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2025-30943 – Aakif Kadiwala Posts Slider Shortcode Cross-site Scripting (XSS)

CVE-2025-30947 – Gopiplus Cool Fade Popup SQL Injection

CVE-2025-30969 – Gopiplus iFrame Images Gallery SQL Injection

CVE-2025-30979 – Gopiplus Pixelating image slideshow gallery SQL Injection