CVE-2025-5351 Red Hat CVE debrief

Who should care

Organizations running applications that perform SSH key export operations using libssh versions 0.10.0 through 0.11.1, particularly those deployed on Red Hat Enterprise Linux 6-10 or OpenShift Container Platform 4.0. System administrators managing SSH infrastructure and developers building applications with libssh's key management APIs should prioritize patching.

Technical summary

The vulnerability resides in libssh's internal key serialization function. During error path execution, a pointer is freed but not nulled; if a second error occurs before function exit, the same pointer may be freed again, causing heap corruption. The condition is reachable during cryptographic key export operations and is exacerbated in resource-constrained environments. The fix ensures proper pointer hygiene in error handling paths.

Defensive priority

medium

Recommended defensive actions

• Upgrade libssh to version 0.11.2 or later to eliminate the double-free condition in key export operations.
• Apply Red Hat security advisory RHSA-2026:18683 for supported Enterprise Linux and OpenShift Container Platform deployments.
• Monitor application logs for instability or crashes during SSH key export operations as potential indicators of exploitation attempts.
• Review custom applications using libssh for direct key export API calls and ensure proper error handling patterns.
• Consider memory allocation limits and monitoring in low-memory environments where key export operations occur frequently.

Evidence notes

Vulnerability description and CPE criteria sourced from NVD modified feed. CWE-415 classification and CVSS vector confirmed via NVD metadata. Red Hat advisory RHSA-2026:18683 and Bugzilla tracking issue 2369367 provide vendor confirmation and remediation status.

Official resources