Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-14821
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse ignored
    7 packages
    • haskellPackages.libssh
    • haskellPackages.libssh2
    • haskellPackages.libssh2-conduit
    • python312Packages.ansible-pylibssh
    • python313Packages.ansible-pylibssh
    • python314Packages.ansible-pylibssh
    • tests.pkg-config.defaultPkgConfigPackages.libssh2
    1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.

Affected products

rhcos
libssh
libssh2

Matching in nixpkgs

Ignored packages (7)

Package maintainers

Windows, not an issue for us