JLSEC-2025-100
PUBLISHED
CVSS 9.3 CRITICAL
A flaw was found in the SFTP server message decoding logic of libssh
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | libssh_jll | 0.11.0+0 |
Timeline
- Oct 19, 2025 CVE Published
- Nov 6, 2025 CVE Updated
References
- https://access.redhat.com/security/cve/CVE-2025-5449
- https://bugzilla.redhat.com/show_bug.cgi?id=2369705
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
- https://www.libssh.org/security/advisories/CVE-2025-5449.txt