Integer overflow in libssh - CVE-2025-5449
Published: September 12, 2025 / Updated: February 24, 2026
Vulnerability identifier: #VU115174
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-5449
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: libssh
Affected software:
libssh
libssh
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect packet length check within the SFTP server message decoding logic when handling large payload sizes on 32-bit systems. A remote attacker can trick the victim into connecting to a malicious server, trigger an integer overflow and crash the application.
How to mitigate CVE-2025-5449
Install updates from vendor's website.
Sources
- https://access.redhat.com/security/cve/CVE-2025-5449
- https://bugzilla.redhat.com/show_bug.cgi?id=2369705
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
- https://www.libssh.org/security/advisories/CVE-2025-5449.txt