Key Information

Vulnerability Overview
CVE ID: CVE-2025-8114
Impact Level: Medium
CVSS v3 Score: 4.7

Description
A vulnerability has been identified in libssh, a library implementing the SSH protocol. During the key exchange (KEX) process, when computing the session ID, a call to a public encryption function may result in a NULL pointer dereference. This could lead to a crash of the SSH client or server.

Statement
The Red Hat Product Security team has assessed the security impact of this vulnerability and determined it to be of medium risk, with a local attack vector and high exploit complexity. While a specific configuration is required for successful exploitation, a successful exploit could cause an SSH client or a running libssh instance to crash.

Mitigation
Currently, no mitigations are available, or the available options do not meet Red Hat Product Security standards, including considerations of scope, deployment applicability, and maintainability across a broad installation base.

Affected Packages and Red Hat Security Advisories
Red Hat Enterprise Linux 9: Will be fixed
Red Hat Enterprise Linux 8: Will be fixed
Red Hat Enterprise Linux 7: Not affected
Red Hat Enterprise Linux 6: Will be fixed
Red Hat Enterprise Linux 5: Will be fixed
Red Hat OpenShift Container Platform 4: Will be fixed

CVSS v3 Score Details
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Weakness Understanding (CWE)
CWE-476: NULL Pointer Dereference

Acknowledgments
Thanks to Jakub Jelen and Philippe Antoine for reporting this issue.