CVE-2025-8114
Published: 24 July 2025
Summary
CVE-2025-8114 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Libssh Libssh. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 36.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22513
Vulnerability details
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can…
more
cause the client or server to crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
NULL pointer dereference in libssh during KEX session ID calculation causes crashes in SSH clients/servers, enabling endpoint DoS via application exploitation by local attackers.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.