PatchSiren cyber security CVE debrief
CVE-2025-14821 Red Hat CVE debrief
CVE-2025-14821 is a high-severity vulnerability in libssh that allows local man-in-the-middle attacks, security downgrades of SSH connections, and manipulation of trusted host information. The vulnerability poses a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems. The library automatically loads configuration files from the C: etc directory, which can be created and modified by unprivileged local users. This vulnerability has a CVSS score of 7.8 and is considered HIGH severity. The CVE was published on April 7, 2026, and last modified on June 25, 2026.
- Vendor
- Red Hat
- Product
- Red Hat Hardened Images
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-07
- Original CVE updated
- 2026-06-25
- Advisory published
- 2026-04-07
- Advisory updated
- 2026-06-25
Who should care
System administrators and security teams responsible for managing SSH connections and libssh installations, especially on Windows systems, should be aware of this vulnerability. They should assess their exposure and take necessary steps to mitigate the risk. Additionally, developers and users of libssh should be aware of the insecure default configuration and take steps to secure their installations.
Technical summary
The vulnerability in libssh allows local man-in-the-middle attacks and security downgrades of SSH connections due to an insecure default configuration on Windows systems. The library loads configuration files from the C: etc directory, which can be modified by unprivileged local users. This allows attackers to manipulate trusted host information and compromise SSH communications. The vulnerability has a CVSS score of 7.8 and is considered HIGH severity.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, especially on Windows systems where libssh is used. System administrators and security teams should assess their exposure and take necessary steps to secure their installations.
Recommended defensive actions
- Patch libssh installations to the latest version, which addresses this vulnerability.
- Review and modify the libssh configuration to prevent loading configuration files from untrusted directories.
- Implement additional security measures, such as monitoring and logging, to detect and respond to potential attacks.
- Conduct a thorough risk assessment to identify and prioritize vulnerable systems.
- Develop and implement a remediation plan to address vulnerable systems.
Evidence notes
The CVE-2025-14821 vulnerability in libssh has a CVSS score of 7.8 and is considered HIGH severity. The vulnerability allows local man-in-the-middle attacks and security downgrades of SSH connections due to an insecure default configuration on Windows systems. The library loads configuration files from the C: etc directory, which can be modified by unprivileged local users. The CVE was published on April 7, 2026, and last modified on June 25, 2026.
Official resources
-
CVE-2025-14821 CVE record
CVE.org
-
CVE-2025-14821 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes
This article is AI-assisted and based on the supplied source corpus.