QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4878

Published: Jul 22, 2025

Modified: May 19, 2026

PUBLISHED

CVSS v3.1

3.6

LOW

Description

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

Vendor	Product	Versions
Unknown	libssh	affected `0 - < 0.11.2`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:0.10.4-18.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:0.10.4-18.el9 - < *`
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

RHSA-2026:18683

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2025-4878

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1

https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb

https://www.libssh.org/security/advisories/CVE-2025-4878.txt

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.