PatchSiren cyber security CVE debrief
CVE-2025-15661 libssh2 CVE debrief
CVE-2025-15661 is a high-severity vulnerability in libssh2, a popular SSH library. An out-of-bounds heap read vulnerability exists in the sftp_symlink() function, allowing a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash. The vulnerability is triggered by a crafted SSH_FXP_NAME response, which can be sent during SFTP READLINK and REALPATH operations. Attackers can exploit this by providing a link_len value larger than the actual packet data, leading to a heap buffer over-read of up to target_len minus one bytes. This issue was fixed in commit 2dae302 and affects libssh2 versions up to 1.11.1. Users should update to the latest version to mitigate this vulnerability.
- Vendor
- libssh2
- Product
- Unknown
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-22
Who should care
Developers and administrators using libssh2 in their applications, especially those involving SFTP operations, should be aware of this vulnerability. This includes users of secure file transfer protocols and any applications relying on libssh2 for SSH functionality. Given the high CVSS score of 8.3, this vulnerability should be prioritized for patching.
Technical summary
The vulnerability exists in the sftp_symlink() function within src/sftp.c of libssh2. The function fails to validate the available packet buffer size before performing a memcpy operation. This oversight allows an attacker to provide a maliciously large link_len value in SSH_FXP_NAME responses, leading to an out-of-bounds heap read. The issue was addressed with a fix in commit 2dae302, which likely adds proper validation of packet buffer sizes.
Defensive priority
High
Recommended defensive actions
- Update libssh2 to a version beyond 1.11.1 or apply the fix from commit 2dae302.
- Review and restrict SSH server access to trusted sources only.
- Implement additional monitoring for unusual SFTP operation patterns.
- Use secure communication protocols and consider using SSH protocol enhancements.
- Limit the privileges of the libssh2 using application.
- Regularly update and patch all software components.
Evidence notes
The information provided is based on data from NVD and Vulncheck. The CVE record and NVD detail pages offer comprehensive information about this vulnerability. Additional references include GitHub commits and pull requests related to the fix.
Official resources
public