CVE-2025-5987
Published: 07 July 2025
Summary
CVE-2025-5987 is a high-severity Return of Wrong Status Code (CWE-393) vulnerability in libssh. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Exhaustion Flood (T1499.001). The CVE ranks in the top 20.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
A flaw exists in libssh when the ChaCha20 cipher is used together with the OpenSSL library. Heap-exhaustion conditions during cipher initialization are not detected because the OpenSSL error return value aliases with SSH_OK; consequently libssh proceeds with a partially initialized cipher context. The resulting undefined behavior can affect data confidentiality and integrity or cause application crashes. The issue is tracked as CVE-2025-5987 and carries a CVSS 3.1 score of 8.1.
An unauthenticated remote attacker who can reach a libssh-based service and induce heap pressure may trigger the flaw. Successful exploitation can lead to disclosure or manipulation of session data as well as denial-of-service conditions. The attack requires high complexity because the adversary must both control network access and arrange the specific memory-exhaustion state.
Red Hat has published the advisories RHSA-2025:23483, RHSA-2025:23484, RHSA-2026:0427, RHSA-2026:0428 and RHSA-2026:0430 that address the defect; applying the corresponding libssh updates removes the erroneous error-code handling path. The associated EPSS score remains low (current 0.0123, peak 0.0149) with no material upward trajectory after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20227
Vulnerability details
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context.
This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
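The status-code aliasing described in both the deeper analysis and the vulnerability details above, shown as an added, self-contained illustration (not libssh's actual source): libssh defines SSH_OK as 0 and SSH_ERROR as -1, while OpenSSL's EVP calls return 1 on success and 0 on failure, so passing an OpenSSL failure code through as a libssh status makes the failure look like success. The names openssl_style_init, cipher_init_buggy, cipher_init_fixed and caller_sees_failure are hypothetical.

```c
#include <stddef.h>

/* libssh status codes, as defined in libssh.h. */
#define SSH_OK     0
#define SSH_ERROR -1

/* Hypothetical stand-in for an OpenSSL EVP-style init call:
 * returns 1 on success, 0 on failure (here: heap exhaustion). */
static int openssl_style_init(int heap_exhausted)
{
    return heap_exhausted ? 0 : 1;
}

/* Buggy shape (CWE-393): the OpenSSL result is stored in the variable that
 * is later returned as the libssh status. On failure it is 0 == SSH_OK, so
 * the early exit still reports success and the caller keeps using a
 * partially initialized cipher context. */
int cipher_init_buggy(int heap_exhausted)
{
    int ret = openssl_style_init(heap_exhausted); /* 1 or 0 */
    if (ret != 1) {
        goto out; /* intended as the failure path, but ret == SSH_OK */
    }
    ret = SSH_OK;
out:
    return ret;
}

/* Fixed shape: keep a separate libssh status that defaults to SSH_ERROR and
 * translate the foreign return convention at the boundary, so no OpenSSL
 * 0 can escape as SSH_OK. */
int cipher_init_fixed(int heap_exhausted)
{
    int ret = SSH_ERROR;
    int rc = openssl_style_init(heap_exhausted);
    if (rc != 1) {
        goto out;
    }
    ret = SSH_OK;
out:
    return ret;
}

/* Models the caller's check: returns 1 if the caller notices the failure. */
int caller_sees_failure(int (*init)(int), int heap_exhausted)
{
    return init(heap_exhausted) != SSH_OK;
}
```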
- CWE(s): CWE-393 (Return of Wrong Status Code)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in libssh enables heap exhaustion (T1499.001: OS Exhaustion Flood) to trigger undetected errors, resulting in partially initialized ChaCha20 cipher contexts. This compromises data confidentiality and integrity over SSH (T1600: Weaken Encryption, T1565.002: Transmitted Data Manipulation).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.