CVE-2025-5987: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-5987 is a security vulnerability affecting libssh versions 0.10.0 and later when built with OpenSSL. The vulnerability was discovered in June 2025 and involves an invalid return code handling in the OpenSSL-based implementation of the chacha20poly1305set_key() function. This vulnerability affects multiple Linux distributions including Debian, Ubuntu, and their derivatives (LibSSH Advisory).

The vulnerability stems from a mismatch between OpenSSL and libssh return value meanings, where OpenSSL's error code (rv=0) aliases with SSHOK (0) and is returned directly from the chacha20poly1305setkey() function. When an error occurs during ChaCha20 cipher initialization with OpenSSL, particularly during heap exhaustion, an invalid error code is returned. This error is not properly detected, potentially allowing libssh to operate with a partially initialized cipher context. The vulnerability has been assigned a CVSS v3.1 score of 4.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C) (LibSSH Advisory, Rapid7).

The vulnerability can lead to the use of partially initialized cipher contexts, potentially compromising the security of encrypted communications. The impact is characterized by low confidentiality, integrity, and availability risks, but requires network access and high attack complexity to exploit (LibSSH Advisory).

A fix has been released in libssh version 0.11.2. As a temporary workaround, administrators can disable the chacha20-poly1305@openssh.com cipher when libssh is compiled with the OpenSSL backend. SSH administrators are strongly advised to upgrade to the latest release or apply the available security patches (LibSSH Advisory).