CVE-2025-15079

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions libssh (affected versions not specified)

Description The libssh software contains a flaw related to a global knownhost override. This issue could potentially allow an attacker to bypass host key verification, potentially leading to man-in-the-middle attacks. The issue involves the way libssh handles known hosts, allowing for a global override of host key checks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-297

Related Identifiers

BDU:2026-03453

CVE-2025-15079

ECHO-77BA-E0AF-7BBD

JLSEC-2026-430

MGASA-2026-0003

OESA-2026-1190

OESA-2026-1191

OESA-2026-1192

OESA-2026-1193

OESA-2026-1194

OESA-2026-1195

OPENSUSE-SU-2026:10017-1

OPENSUSE-SU-2026:20031-1

RHSA-2026:6893

SUSE-SU-2026:0050-1

SUSE-SU-2026:0051-1

SUSE-SU-2026:0052-1

SUSE-SU-2026:0066-1

SUSE-SU-2026:0508-1

SUSE-SU-2026:20042-1

SUSE-SU-2026:20062-1

SUSE-SU-2026:20082-1

SUSE-SU-2026:20110-1

USN-8062-1

USN-8062-2

Affected Products

Debian

Linuxmint

Red Os

Ubuntu

Libssh

CVE-2025-15079

Weakness Enumeration

Related Identifiers

Affected Products

References · 96