CVE-2025-54804
Last modified
CVE-2025-54804 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Russh Project | Russh | < 0.54.1 |
| Warpgate Project | Warpgate | < 0.16.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-54804?
How severe is CVE-2025-54804?
How do I fix CVE-2025-54804?
Are you affected by CVE-2025-54804?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST