CVE-2025-4878 LOW

CVE-2025-4878: Libssh: use of uninitialized variable in privatekey_from_file()

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-416
Published July 22, 2025
Last update May 19, 2026

CVSS base score

3.6/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

Key dates

02 Disclosure timeline

July 22, 2025 CVE published
May 19, 2026 Record updated