CVE-2025-4878

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4878

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4878.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4878

Downstream

AZL-65643

AZL-65646

BELL-CVE-2025-4878

CLSA-2026-1779467653

DEBIAN-CVE-2025-4878

DLA-4385-1

MGASA-2026-0189

OESA-2025-2127

OESA-2025-2128

OESA-2025-2129

OESA-2025-2130

OESA-2025-2132

OESA-2025-2294

RHSA-2026:18683

RLSA-2026:18683

SUSE-SU-2025:02229-1

SUSE-SU-2025:02278-1

SUSE-SU-2025:02279-1

SUSE-SU-2025:02281-1

SUSE-SU-2025:02755-1

SUSE-SU-2025:20557-1

SUSE-SU-2025:20596-1

UBUNTU-CVE-2025-4878

USN-7619-1

USN-7696-1

openSUSE-SU-2025:15243-1

Related

Published

2025-07-22T15:15:36Z

Modified

2026-05-26T16:14:21.850983507Z

Summary

[none]

Details

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

References

Affected packages