CVE-2025-5318
HIGH
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in...
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| vLLM | pip | — | No patch |
| libssh | — | — | No patch |
| rhaiis/model-opt-cuda-rhel9 | — | — | No patch |
| rhcos | — | — | No patch |
| rhosdt/tempo-gateway-opa-rhel8 | — | — | No patch |
| rhosdt/tempo-gateway-rhel8 | — | — | No patch |
| rhosdt/tempo-jaeger-query-rhel8 | — | — | No patch |
| rhosdt/tempo-query-rhel8 | — | — | No patch |
| rhosdt/tempo-rhel8 | — | — | No patch |
| rhosdt/tempo-rhel8-operator | — | — | No patch |
What should I do?
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Frequently Asked Questions
What is CVE-2025-5318?
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
Is CVE-2025-5318 actively exploited?
No confirmed active exploitation of CVE-2025-5318 has been reported, but organizations should still patch proactively.
How to fix CVE-2025-5318?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2025-5318?
CVE-2025-5318 has a CVSS v3.1 base score of 8.1 (HIGH).
What are the technical details?
Original Advisory
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.
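The boundary mistake the advisory describes, modelled as an added example: this is not libssh's code, and `MAX_HANDLES`, `struct session`, `lookup_handle` and the other names are hypothetical. The weak predicate assumes the flaw has the `>` versus `>=` shape; the hardened lookup also checks the length of the client-supplied handle blob before decoding it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_HANDLES 8                 /* hypothetical table size */
struct session { void *handles[MAX_HANDLES]; };  /* valid: 0..MAX_HANDLES-1 */

/* Weak check: only idx > MAX_HANDLES is rejected, so idx == MAX_HANDLES
 * (one slot past the end) passes. Predicate only; it reads no memory. */
static int index_ok_weak(uint32_t idx) { return !(idx > MAX_HANDLES); }

/* Strict check: everything outside 0..MAX_HANDLES-1 is rejected. */
static int index_ok_strict(uint32_t idx) { return idx < MAX_HANDLES; }

/* Hardened lookup: check the client-supplied blob's length before decoding,
 * bounds-check the index, and return NULL on any failure. */
static void *lookup_handle(const struct session *s,
                           const unsigned char *blob, size_t len)
{
    uint32_t idx;

    if (s == NULL || blob == NULL || len != sizeof(idx))
        return NULL;
    memcpy(&idx, blob, sizeof(idx));  /* no unaligned read */
    if (!index_ok_strict(idx))
        return NULL;
    return s->handles[idx];           /* NULL when the slot is unused */
}

/* Constructed demo: one object stored in slot 3, then looked up by index. */
static int demo_slot_found(uint32_t idx)
{
    static int file_obj;              /* stands in for an open file */
    struct session s = { { NULL } };
    unsigned char blob[sizeof(idx)];

    s.handles[3] = &file_obj;
    memcpy(blob, &idx, sizeof(idx));
    return lookup_handle(&s, blob, sizeof(blob)) == &file_obj;
}

int main(void)
{
    /* Exit 0 when only the strict check catches the boundary index. */
    return !(index_ok_weak(MAX_HANDLES) && !index_ok_strict(MAX_HANDLES)
             && demo_slot_found(3) && !demo_slot_found(MAX_HANDLES));
}
```

A unit test that feeds the boundary value (`MAX_HANDLES` itself) to the lookup is the cheapest regression guard for this class of bug.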
Weaknesses (CWE)
CWE-125 — Out-of-bounds Read: The product reads data past the end, or before the beginning, of the intended buffer.
- [Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue." Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylis
- [Architecture and Design] Use a language that provides appropriate memory abstractions.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References
- access.redhat.com/errata/RHSA-2025:18231 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:18275 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:18286 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19012 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19098 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19101 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19295 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19300 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19313 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19400 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19401 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19470 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19472 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19807 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19864 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:20943 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:21013 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:21329 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:21829 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:22275 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:23078 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:23079 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:23080 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:0326 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:1541 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:3461 vendor-advisory x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2026:3462 vendor-advisory x_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2025-5318 vdb-entry x_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgi issue-tracking x_refsource_REDHAT
- libssh.org/security/advisories/CVE-2025-5318.txt
Related Vulnerabilities
- CVE-2024-9053 9.8 vllm: RCE via unsafe pickle deserialization in RPC server (Same package: vllm)
- CVE-2026-25960 9.8 vllm: SSRF allows internal network access (Same package: vllm)
- CVE-2025-47277 9.8 vLLM: RCE via exposed TCPStore in distributed inference (Same package: vllm)
- CVE-2024-11041 9.8 vllm: RCE via unsafe pickle deserialization in MessageQueue (Same package: vllm)
- CVE-2025-32444 9.8 vLLM: RCE via pickle deserialization on ZeroMQ (Same package: vllm)