CVE-2025-14821
PUBLISHED
CVSS 7.8 HIGH
A flaw was found in libssh. On Windows systems, the library's insecure default configuration automatically loads configuration files from the C:\etc directory, which unprivileged local users can create and modify. This allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications.
EPSS 0.01% · 2.0th percentile
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.01%
2.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Hardened Images 1 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
Exploit Intelligence
- CIRCL seen: CVE-2025-14821 (circl-sighting)
- https://access.redhat.com/security/cve/CVE-2025-14821 (circl)
- RHBZ#2423148 (circl)
- https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ (circl)
- seen_cves.json (github-poc)
Timeline
- Feb 17, 2026 PoC Published
- Apr 7, 2026 CVE Published
- Apr 7, 2026 Security Advisory
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score