CVE-2025-5987: A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is no...

Description

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.44%

69.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-393

Affected Software

Vendor	Product	Versions
Libssh	Libssh	>= 0.10.0, < 0.11.2

References

Timeline

Published: Jul 7, 2025
Last Modified: Jun 25, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-5987?

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

How severe is CVE-2025-5987?

CVE-2025-5987 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.

How do I fix CVE-2025-5987?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.