Cyber Resilience

CVE-2025-5987

Severity: High
Published: 07 July 2025
Modified: 20 March 2026
KEV Added: not listed
Patch: available (see Red Hat advisories below)
CVSS v3.1 score: 8.1 (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0123 (79.6th percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-5987 is a high-severity Return of Wrong Status Code (CWE-393) vulnerability in libssh (vendor: libssh). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique OS Exhaustion Flood (T1499.001). The CVE ranks in the top 20.4% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

A flaw exists in libssh when the ChaCha20 cipher is used together with the OpenSSL library. Heap-exhaustion conditions during cipher initialization are not detected because the OpenSSL error return value aliases with SSH_OK; consequently libssh proceeds with a partially initialized cipher context. The resulting undefined behavior can affect data confidentiality and integrity or cause application crashes. The issue is tracked as CVE-2025-5987 and carries a CVSS 3.1 score of 8.1.

An unauthenticated remote attacker who can reach a libssh-based service and induce heap pressure may trigger the flaw. Successful exploitation can lead to disclosure or manipulation of session data as well as denial-of-service conditions. The attack requires high complexity because the adversary must both control network access and arrange the specific memory-exhaustion state.

Red Hat has published the advisories RHSA-2025:23483, RHSA-2025:23484, RHSA-2026:0427, RHSA-2026:0428 and RHSA-2026:0430 that address the defect; applying the corresponding libssh updates removes the erroneous error-code handling path. The associated EPSS score remains low (current 0.0123, peak 0.0149) with no material upward trajectory after disclosure.

EU & UK References

Vulnerability details

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context.

This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
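The status-code aliasing described in "Deeper analysis" and in the vulnerability details above, shown as an added, illustrative example (not libssh's or OpenSSL's own code). The constants, the stand-in cipher-init function and the `heap_exhausted` flag are assumptions modelled on the two libraries' return conventions: OpenSSL-style calls return 1 on success and 0 on failure, while libssh-style status uses 0 for SSH_OK.

```c
/* Hypothetical constants modelled on the two libraries' conventions; this is
 * illustrative code, not libssh's or OpenSSL's own source. */
#define SSH_OK     0   /* libssh: success */
#define SSH_ERROR -1   /* libssh: failure */
#define OSSL_OK    1   /* OpenSSL EVP style: 1 on success ... */
#define OSSL_FAIL  0   /* ... and 0 on failure, numerically equal to SSH_OK */
struct cipher_ctx {
    int initialized;   /* set once the key schedule exists */
};

/* Stand-in for the OpenSSL cipher-init call; heap_exhausted simulates the
 * allocation failure the advisory describes. */
static int evp_style_cipher_init(struct cipher_ctx *ctx, int heap_exhausted)
{
    if (heap_exhausted)
        return OSSL_FAIL;          /* nothing was set up */
    ctx->initialized = 1;
    return OSSL_OK;
}

/* CWE-393 pattern: on failure the raw OpenSSL value (0) becomes the libssh
 * status, and 0 is SSH_OK. */
int cipher_set_key_vulnerable(struct cipher_ctx *ctx, int heap_exhausted)
{
    int rc = evp_style_cipher_init(ctx, heap_exhausted);
    if (rc != OSSL_OK)
        goto out;                  /* rc == 0 here */
    rc = SSH_OK;
out:
    return rc;                     /* failure path returns 0 == SSH_OK */
}

/* Fixed pattern: translate the OpenSSL result into a libssh status explicitly. */
int cipher_set_key_fixed(struct cipher_ctx *ctx, int heap_exhausted)
{
    if (evp_style_cipher_init(ctx, heap_exhausted) != OSSL_OK)
        return SSH_ERROR;
    return SSH_OK;
}

/* Caller's view: 0 = init refused, 1 = usable context,
 * -1 = proceeded with a partially initialised context (the CVE condition). */
int session_cipher_state(int (*set_key)(struct cipher_ctx *, int), int heap_exhausted)
{
    struct cipher_ctx ctx = { 0 };
    if (set_key(&ctx, heap_exhausted) != SSH_OK)
        return 0;
    return ctx.initialized ? 1 : -1;
}
```

Under simulated heap exhaustion the vulnerable path reports success and the caller continues with an uninitialised context, while the fixed path returns SSH_ERROR and the caller refuses to proceed.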

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.001 OS Exhaustion Flood (Impact): Adversaries may launch a denial of service (DoS) attack targeting an endpoint's operating system (OS).
T1565.002 Transmitted Data Manipulation (Impact): Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
T1600 Weaken Encryption (Defense Impairment): Adversaries may compromise a network device’s encryption capability in order to bypass encryption that would otherwise protect data communications.
Why these techniques?

The vulnerability in libssh enables heap exhaustion (T1499.001: OS Exhaustion Flood) to trigger undetected errors, resulting in partially initialized ChaCha20 cipher contexts. This compromises data confidentiality and integrity over SSH (T1600: Weaken Encryption, T1565.002: Transmitted Data Manipulation).

Affected Assets

libssh (vendor: libssh), versions 0.10.0 to 0.11.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References