{"api_version":"1","generated_at":"2026-07-03T10:07:18+00:00","cve":"CVE-2025-5318","urls":{"html":"https://cve.report/CVE-2025-5318","api":"https://cve.report/api/cve/CVE-2025-5318.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-5318","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-5318"},"summary":{"title":"Libssh: out-of-bounds read in sftp_handle()","description":"A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-06-24 14:15:30","updated_at":"2026-06-30 11:16:24"},"problem_types":["CWE-125","CWE-125 Out-of-bounds Read"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:19098","name":"https://access.redhat.com/errata/RHSA-2025:19098","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19400","name":"https://access.redhat.com/errata/RHSA-2025:19400","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19470","name":"https://access.redhat.com/errata/RHSA-2025:19470","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:20943","name":"https://access.redhat.com/errata/RHSA-2025:20943","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19401","name":"https://access.redhat.com/errata/RHSA-2025:19401","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18286","name":"https://access.redhat.com/errata/RHSA-2025:18286","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19101","name":"https://access.redhat.com/errata/RHSA-2025:19101","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23080","name":"https://access.redhat.com/errata/RHSA-2025:23080","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19313","name":"https://access.redhat.com/errata/RHSA-2025:19313","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369131","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2369131","refsource":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19012","name":"https://access.redhat.com/errata/RHSA-2025:19012","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23079","name":"https://access.redhat.com/errata/RHSA-2025:23079","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19472","name":"https://access.redhat.com/errata/RHSA-2025:19472","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-5318","name":"https://access.redhat.com/security/cve/CVE-2025-5318","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:23078","name":"https://access.redhat.com/errata/RHSA-2025:23078","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19807","name":"https://access.redhat.com/errata/RHSA-2025:19807","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:22275","name":"https://access.redhat.com/errata/RHSA-2025:22275","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3461","name":"https://access.redhat.com/errata/RHSA-2026:3461","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:21329","name":"https://access.redhat.com/errata/RHSA-2025:21329","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3462","name":"https://access.redhat.com/errata/RHSA-2026:3462","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18231","name":"https://access.redhat.com/errata/RHSA-2025:18231","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:18275","name":"https://access.redhat.com/errata/RHSA-2025:18275","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19295","name":"https://access.redhat.com/errata/RHSA-2025:19295","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:21829","name":"https://access.redhat.com/errata/RHSA-2025:21829","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:21013","name":"https://access.redhat.com/errata/RHSA-2025:21013","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-5318.txt","name":"https://www.libssh.org/security/advisories/CVE-2025-5318.txt","refsource":"secalert@redhat.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:0326","name":"https://access.redhat.com/errata/RHSA-2026:0326","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19864","name":"https://access.redhat.com/errata/RHSA-2025:19864","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:19300","name":"https://access.redhat.com/errata/RHSA-2025:19300","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:1541","name":"https://access.redhat.com/errata/RHSA-2026:1541","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-5318","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5318","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:0.11.1-4.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:0.11.1-4.el10_1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:0.9.6-15.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:0.9.6-15.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:0.9.0-4.el8_2.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:0.9.4-2.el8_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","version":"unaffected 0:0.9.4-2.el8_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:0.9.6-4.el8_6.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:0.9.6-4.el8_6.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:0.9.6-4.el8_6.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","version":"unaffected 0:0.9.6-13.el8_8.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","version":"unaffected 0:0.9.6-13.el8_8.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:0.10.4-15.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:0.10.4-15.el9_7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:0.10.4-15.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:0.10.4-15.el9_7 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:0.9.6-3.el9_0.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","version":"unaffected 0:0.10.4-9.el9_2.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:0.10.4-13.el9_4.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.12","version":"unaffected 412.86.202511191939-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","version":"unaffected 413.92.202511261311-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","version":"unaffected 414.92.202511122212-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","version":"unaffected 415.92.202601271320-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","version":"unaffected 416.94.202601071926-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","version":"unaffected 417.94.202510282022-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","version":"unaffected 418.94.202511041748-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","version":"unaffected 4.19.9.6.202510281054-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","version":"unaffected 4.20.9.6.202510290321-0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"unaffected 3.2.2-1765379088 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"unaffected 3.2.2-1765379049 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"unaffected 3.2.2-1764871796 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"unaffected 1772160593 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"unaffected 1772160625 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762254546 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762254552 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762255881 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762254530 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762254519 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.7.1","version":"unaffected rhosdt-3.7-1762254545 * rpm","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-05-29T06:48:59.169Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-06-24T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Ronald Crane for reporting this issue.","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"5318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libssh","cpe5":"libssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"5318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"5318","cve":"CVE-2025-5318","epss":"0.023940000","percentile":"0.819460000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-5318","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-18T20:41:38.314148Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-18T20:41:54.510Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://www.libssh.org/","defaultStatus":"unaffected","packageName":"libssh","versions":[{"lessThan":"0.11.2","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.11.1-4.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.11.1-4.el10_1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-15.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-15.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/o:redhat:rhel_aus:8.2::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.0-4.el8_2.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.4-2.el8_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.4-2.el8_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-4.el8_6.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-4.el8_6.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-4.el8_6.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-13.el8_8.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-13.el8_8.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-15.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-15.el9_7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-15.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-15.el9_7","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.9.6-3.el9_0.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-9.el9_2.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/o:redhat:rhel_eus:9.4::baseos"],"defaultStatus":"affected","packageName":"libssh","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.10.4-13.el9_4.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.12::el8"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.12","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"412.86.202511191939-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.13::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.13","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"413.92.202511261311-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.14::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"414.92.202511122212-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.15::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.15","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"415.92.202601271320-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.16","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"416.94.202601071926-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.17","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"417.94.202510282022-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.18","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"418.94.202511041748-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.19","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.19.9.6.202510281054-0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4.20","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"4.20.9.6.202510290321-0","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-cuda-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"3.2.2-1765379088","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-rocm-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"3.2.2-1765379049","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/model-opt-cuda-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"3.2.2-1764871796","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-cuda-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1772160593","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","packageName":"rhaiis/vllm-rocm-rhel9","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1772160625","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-gateway-opa-rhel8","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762254546","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-gateway-rhel8","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762254552","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-jaeger-query-rhel8","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762255881","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-query-rhel8","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762254530","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-rhel8","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762254519","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.7::el8"],"defaultStatus":"affected","packageName":"rhosdt/tempo-rhel8-operator","product":"Red Hat OpenShift distributed tracing 3.7.1","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"rhosdt-3.7-1762254545","versionType":"rpm"}]}],"credits":[{"lang":"en","value":"Red Hat would like to thank Ronald Crane for reporting this issue."}],"datePublic":"2025-06-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T10:40:26.453Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:18231","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18231"},{"name":"RHSA-2025:18275","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18275"},{"name":"RHSA-2025:18286","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:18286"},{"name":"RHSA-2025:19012","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19012"},{"name":"RHSA-2025:19098","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19098"},{"name":"RHSA-2025:19101","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19101"},{"name":"RHSA-2025:19295","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19295"},{"name":"RHSA-2025:19300","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19300"},{"name":"RHSA-2025:19313","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19313"},{"name":"RHSA-2025:19400","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19400"},{"name":"RHSA-2025:19401","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19401"},{"name":"RHSA-2025:19470","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19470"},{"name":"RHSA-2025:19472","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19472"},{"name":"RHSA-2025:19807","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19807"},{"name":"RHSA-2025:19864","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:19864"},{"name":"RHSA-2025:20943","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:20943"},{"name":"RHSA-2025:21013","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21013"},{"name":"RHSA-2025:21329","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21329"},{"name":"RHSA-2025:21829","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:21829"},{"name":"RHSA-2025:22275","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:22275"},{"name":"RHSA-2025:23078","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"name":"RHSA-2025:23079","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"name":"RHSA-2025:23080","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"name":"RHSA-2026:0326","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:0326"},{"name":"RHSA-2026:1541","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"name":"RHSA-2026:3461","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"name":"RHSA-2026:3462","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-5318"},{"name":"RHBZ#2369131","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369131"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-5318.txt"}],"timeline":[{"lang":"en","time":"2025-05-29T06:48:59.169Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-24T00:00:00.000Z","value":"Made public."}],"title":"Libssh: out-of-bounds read in sftp_handle()","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-125: Out-of-bounds Read"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-5318","datePublished":"2025-06-24T14:10:07.188Z","dateReserved":"2025-05-29T07:01:42.703Z","dateUpdated":"2026-06-30T10:40:26.453Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-06-24 14:15:30","lastModifiedDate":"2026-06-30 11:16:24","problem_types":["CWE-125","CWE-125 Out-of-bounds Read"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-18T20:41:38.314148Z","id":"CVE-2025-5318","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.11.2","matchCriteriaId":"6E05F605-6E29-4F09-96DF-A1E1B29D0C3C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"5318","Ordinal":"1","Title":"Libssh: out-of-bounds read in sftp_handle()","CVE":"CVE-2025-5318","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"5318","Ordinal":"1","NoteData":"A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.","Type":"Description","Title":"Libssh: out-of-bounds read in sftp_handle()"}]}}}