CVE-2025-14821

Name of the Vulnerable Software and Affected Versions libssh (affected versions not specified)

Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information. This poses a risk to the confidentiality, integrity, and availability of SSH communications. The issue stems from an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:etc directory, which can be created and modified by unprivileged local users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.