VDB

CVE-2025-14821

CVE-2025-14821 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.

EPSS 0.01% · 2.0th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.01%
2.0th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Hardened Images 1
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8

Timeline

  • Feb 17, 2026 PoC Published
  • Apr 7, 2026 CVE Published
  • Apr 7, 2026 Security Advisory
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 29, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›