CVE-2025-54804
🔶 mediumSummary
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.
CVSS Score
6.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2025-08-05
First Seen: 2026-01-05
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 47.8% of all 321,566 vulnerabilities in our database.
#167,705
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Aug 5, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2025-08-13
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)