CVE-2025-5449
Published: 25 July 2025
Summary
CVE-2025-5449 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in libssh (vendor: Libssh). Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 32.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22738
Vulnerability details
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems, where the length arithmetic is performed in 32-bit integers. The wrapped length passes the check, the subsequent memory allocation fails, and the server process crashes, resulting in a denial of service.
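The failure mode described above, as an added illustration that is not libssh's own code: the framing below (a 4-byte big-endian length field followed by the payload) is constructed for the example and is not libssh's real SFTP packet layout, and the function names are hypothetical. Arithmetic is done in uint32_t to model size_t on a 32-bit target, so the wraparound reproduces on a 64-bit host; on a genuine 64-bit build the same sum is evaluated in 64-bit size_t and cannot wrap, which is why the crash is confined to 32-bit systems.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed framing (constructed for this example, not libssh's layout):
 * a 4-byte big-endian length field followed by that many payload bytes.
 * uint32_t models size_t on a 32-bit target. */
#define HDR_LEN 4u

static uint32_t read_u32_be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the check forms packet_len + HDR_LEN in 32-bit
 * arithmetic. A declared length near UINT32_MAX wraps the sum to a tiny
 * value, the comparison passes, and the decoder goes on to request
 * packet_len bytes from the allocator (which fails on a 32-bit process)
 * or read past buf. Returns true when the packet is accepted. */
bool length_check_vulnerable(const uint8_t *buf, uint32_t buf_len)
{
    if (buf_len < HDR_LEN)
        return false;
    uint32_t packet_len = read_u32_be(buf);
    /* wraps for packet_len > 0xFFFFFFFB; unsigned wrap is well defined */
    uint32_t needed = (uint32_t)(packet_len + HDR_LEN);
    return needed <= buf_len;
}

/* Hardened pattern: never form a sum that can overflow. buf_len >= HDR_LEN
 * has already been established, so buf_len - HDR_LEN cannot underflow and
 * the comparison is exact for every 32-bit packet_len. */
bool length_check_hardened(const uint8_t *buf, uint32_t buf_len)
{
    if (buf_len < HDR_LEN)
        return false;
    uint32_t packet_len = read_u32_be(buf);
    return packet_len <= buf_len - HDR_LEN;
}

/* Constructed sample messages, 9 bytes each: 4-byte length + 5 bytes. */
static const uint8_t MSG_BENIGN[9]  = {0x00, 0x00, 0x00, 0x05, 'A', 'B', 'C', 'D', 'E'};
static const uint8_t MSG_TOOLONG[9] = {0x00, 0x00, 0x00, 0x06, 'A', 'B', 'C', 'D', 'E'};
/* 0xFFFFFFFD + 4 == 0x100000001, which truncates to 1 in 32 bits. */
static const uint8_t MSG_HOSTILE[9] = {0xFF, 0xFF, 0xFF, 0xFD, 'A', 'B', 'C', 'D', 'E'};

int main(void)
{
    const struct { const char *name; const uint8_t *msg; } cases[] = {
        {"benign", MSG_BENIGN}, {"too long", MSG_TOOLONG}, {"hostile", MSG_HOSTILE},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-8s vulnerable_accepts=%d hardened_accepts=%d\n", cases[i].name,
               length_check_vulnerable(cases[i].msg, 9),
               length_check_hardened(cases[i].msg, 9));
    }
    return 0;
}
```

Run stand-alone, the hostile message is accepted by the vulnerable check and rejected by the hardened one; the two agree on the benign and over-long messages. The general rule the hardened form follows is to compare against the remaining space (subtraction after a bounds check) rather than against a computed total, or to use a checked addition such as GCC/Clang's `__builtin_add_overflow`, and to do so before any allocation sized from attacker-controlled fields.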
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The integer overflow in libssh's SFTP server packet length validation lets an authenticated remote attacker crash the server process on 32-bit systems through a failed memory allocation, which maps to application exploitation for endpoint denial of service.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.