CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2025-15661

Libssh2 » Libssh2 » Version: N/A

cpe:2.3:a:libssh2:libssh2:-
Libssh2 » Libssh2 » Version: 0.1

cpe:2.3:a:libssh2:libssh2:0.1
Libssh2 » Libssh2 » Version: 0.10

cpe:2.3:a:libssh2:libssh2:0.10
Libssh2 » Libssh2 » Version: 0.11

cpe:2.3:a:libssh2:libssh2:0.11
Libssh2 » Libssh2 » Version: 0.12

cpe:2.3:a:libssh2:libssh2:0.12
Libssh2 » Libssh2 » Version: 0.13

cpe:2.3:a:libssh2:libssh2:0.13
Libssh2 » Libssh2 » Version: 0.14

cpe:2.3:a:libssh2:libssh2:0.14
Libssh2 » Libssh2 » Version: 0.15

cpe:2.3:a:libssh2:libssh2:0.15
Libssh2 » Libssh2 » Version: 0.16

cpe:2.3:a:libssh2:libssh2:0.16
Libssh2 » Libssh2 » Version: 0.17

cpe:2.3:a:libssh2:libssh2:0.17
Libssh2 » Libssh2 » Version: 0.18

cpe:2.3:a:libssh2:libssh2:0.18
Libssh2 » Libssh2 » Version: 0.3

cpe:2.3:a:libssh2:libssh2:0.3
Libssh2 » Libssh2 » Version: 0.5

cpe:2.3:a:libssh2:libssh2:0.5
Libssh2 » Libssh2 » Version: 0.6

cpe:2.3:a:libssh2:libssh2:0.6
Libssh2 » Libssh2 » Version: 0.7

cpe:2.3:a:libssh2:libssh2:0.7
Libssh2 » Libssh2 » Version: 0.8

cpe:2.3:a:libssh2:libssh2:0.8
Libssh2 » Libssh2 » Version: 1.0

cpe:2.3:a:libssh2:libssh2:1.0
Libssh2 » Libssh2 » Version: 1.1

cpe:2.3:a:libssh2:libssh2:1.1
Libssh2 » Libssh2 » Version: 1.10.0

cpe:2.3:a:libssh2:libssh2:1.10.0
Libssh2 » Libssh2 » Version: 1.2

cpe:2.3:a:libssh2:libssh2:1.2
Libssh2 » Libssh2 » Version: 1.2.1

cpe:2.3:a:libssh2:libssh2:1.2.1
Libssh2 » Libssh2 » Version: 1.2.2

cpe:2.3:a:libssh2:libssh2:1.2.2
Libssh2 » Libssh2 » Version: 1.2.3

cpe:2.3:a:libssh2:libssh2:1.2.3
Libssh2 » Libssh2 » Version: 1.2.4

cpe:2.3:a:libssh2:libssh2:1.2.4
Libssh2 » Libssh2 » Version: 1.2.5

cpe:2.3:a:libssh2:libssh2:1.2.5
Libssh2 » Libssh2 » Version: 1.2.6

cpe:2.3:a:libssh2:libssh2:1.2.6
Libssh2 » Libssh2 » Version: 1.2.7

cpe:2.3:a:libssh2:libssh2:1.2.7
Libssh2 » Libssh2 » Version: 1.2.8

cpe:2.3:a:libssh2:libssh2:1.2.8
Libssh2 » Libssh2 » Version: 1.2.9

cpe:2.3:a:libssh2:libssh2:1.2.9
Libssh2 » Libssh2 » Version: 1.3.0

cpe:2.3:a:libssh2:libssh2:1.3.0
Libssh2 » Libssh2 » Version: 1.4.0

cpe:2.3:a:libssh2:libssh2:1.4.0
Libssh2 » Libssh2 » Version: 1.4.1

cpe:2.3:a:libssh2:libssh2:1.4.1
Libssh2 » Libssh2 » Version: 1.4.2

cpe:2.3:a:libssh2:libssh2:1.4.2
Libssh2 » Libssh2 » Version: 1.4.3

cpe:2.3:a:libssh2:libssh2:1.4.3
Libssh2 » Libssh2 » Version: 1.5.0

cpe:2.3:a:libssh2:libssh2:1.5.0
Libssh2 » Libssh2 » Version: 1.6.0

cpe:2.3:a:libssh2:libssh2:1.6.0
Libssh2 » Libssh2 » Version: 1.7.0

cpe:2.3:a:libssh2:libssh2:1.7.0
Libssh2 » Libssh2 » Version: 1.8.0

cpe:2.3:a:libssh2:libssh2:1.8.0
Libssh2 » Libssh2 » Version: 1.8.1

cpe:2.3:a:libssh2:libssh2:1.8.1
Libssh2 » Libssh2 » Version: 1.8.2

cpe:2.3:a:libssh2:libssh2:1.8.2
Libssh2 » Libssh2 » Version: 1.9.0

cpe:2.3:a:libssh2:libssh2:1.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-15661

Products

Pricing

Contact Us