Slackware Linux 15.0 / current libssh Multiple Vulnerabilities (SSA:2025-175-01)

🗓️ 25 Jun 2025 00:00:00Reported by TenableType

Slackware Linux 15.0/libssh has multiple vulnerabilities requiring package upgrade for security.

Reporter	Title	Published	Views	Family All 573
IBM Security Bulletins	Security Bulletin: Muliple security vulnerabilities found in IBM CICS TX Standard.	22 Apr 202614:23	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.	25 Feb 202617:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image	3 Mar 202613:53	–	ibm
IBM Security Bulletins	Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	23 Mar 202616:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.17.0 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026	27 May 202609:11	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.	6 Apr 202606:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization	9 Feb 202614:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Netezza Software	19 Jun 202617:22	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read	23 Dec 202516:47	–	ibm

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory SSA:2025-175-01. The text
# itself is copyright (C) Slackware Linux, Inc.
##

include('compat.inc');

if (description)
{
  script_id(240488);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id(
    "CVE-2025-4877",
    "CVE-2025-4878",
    "CVE-2025-5318",
    "CVE-2025-5351",
    "CVE-2025-5372",
    "CVE-2025-5449",
    "CVE-2025-5987"
  );
  script_xref(name:"IAVA", value:"2025-A-0462-S");

  script_name(english:"Slackware Linux 15.0 / current libssh  Multiple Vulnerabilities (SSA:2025-175-01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Slackware Linux host is missing a security update to libssh.");
  script_set_attribute(attribute:"description", value:
"The version of libssh installed on the remote host is prior to 0.11.2. It is, therefore, affected by multiple
vulnerabilities as referenced in the SSA:2025-175-01 advisory.

    New libssh packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libssh security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.392586
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5fb6d893");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected libssh package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-5318");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libssh");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:15.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Slackware Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

var flag = 0;
var constraints = [
    { 'fixed_version' : '0.11.2', 'product' : 'libssh', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },
    { 'fixed_version' : '0.11.2', 'product' : 'libssh', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },
    { 'fixed_version' : '0.11.2', 'product' : 'libssh', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i686' },
    { 'fixed_version' : '0.11.2', 'product' : 'libssh', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }
];

foreach var constraint (constraints) {
    var pkg_arch = constraint['arch'];
    var arch = NULL;
    if (pkg_arch == "x86_64") {
        arch = pkg_arch;
    }
    if (slackware_check(osver:constraint['os_version'],
                        arch:arch,
                        pkgname:constraint['product'],
                        pkgver:constraint['fixed_version'],
                        pkgarch:pkg_arch,
                        pkgnum:constraint['service_pack'])) flag++;
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : slackware_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

21 Jan 2026 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.18.1 - 8.8

EPSS0.02394

SSVC