CVE-2025-8277
3.1
LOW
CVSS 3.1
EPSS 0.06%
Description
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.
How to fix CVE-2025-8277
To remediate CVE-2025-8277, upgrade the affected package to a fixed version below.
- —upgrade to 0.9.8-0+deb11u2 or later
Is CVE-2025-8277 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.9.8-0+deb11u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |