{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T09:57:28.051","vulnerabilities":[{"cve":{"id":"CVE-2025-5372","sourceIdentifier":"secalert@redhat.com","published":"2025-07-04T06:15:24.930","lastModified":"2026-05-26T07:16:17.127","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability."},{"lang":"es","value":"Se encontró una falla en las versiones de libssh compiladas con versiones de OpenSSL anteriores a la 3.0, específicamente en la función ssh_kdf(), responsable de la derivación de claves. Debido a la interpretación inconsistente de los valores de retorno, donde OpenSSL usa 0 para indicar un fallo y libssh usa 0 para éxito, la función puede devolver erróneamente un estado de éxito incluso cuando la derivación de claves falla. Esto provoca que se utilicen búferes de claves criptográficas sin inicializar en comunicaciones posteriores, lo que podría comprometer la confidencialidad, integridad y disponibilidad de las sesiones SSH."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-682"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.2","matchCriteriaId":"6E05F605-6E29-4F09-96DF-A1E1B29D0C3C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:21977","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23024","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20610","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-5372","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369388","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]}]}}]}