CVE-2025-22869

Public on 2025-02-26

Modified on 2025-03-18

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity

Important

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2 - Core	amazon-cloudwatch-agent			Not Affected
Amazon Linux 2023	amazon-cloudwatch-agent			Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	amazon-ecr-credential-helper			Not Affected
Amazon Linux 2 - Docker Extra	amazon-ecr-credential-helper			Not Affected
Amazon Linux 2 - Ecs Extra	amazon-ecr-credential-helper			Not Affected
Amazon Linux 2023	amazon-ecr-credential-helper			Not Affected
Amazon Linux 1	amazon-ssm-agent			Pending Fix
Amazon Linux 2 - Core	amazon-ssm-agent			Pending Fix
Amazon Linux 2023	amazon-ssm-agent			Pending Fix
Amazon Linux 2 - Core	cni-plugins			Not Affected
Amazon Linux 2023	cni-plugins			Not Affected
Amazon Linux 1	containerd			Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	containerd			Not Affected
Amazon Linux 2 - Docker Extra	containerd			Not Affected
Amazon Linux 2 - Ecs Extra	containerd			Not Affected
Amazon Linux 2023	containerd			Not Affected
Amazon Linux 2 - Core	cri-tools			Not Affected
Amazon Linux 1	docker			Not Affected
Amazon Linux 2 - Docker Extra	docker	2025-04-09	ALAS2DOCKER-2025-056	Fixed
Amazon Linux 2 - Ecs Extra	docker	2025-04-09	ALAS2ECS-2025-054	Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	docker	2025-04-09	ALAS2NITRO-ENCLAVES-2025-053	Fixed
Amazon Linux 2023	docker	2025-04-09	ALAS2023-2025-934	Fixed
Amazon Linux 2 - Ecs Extra	ecs-init			Not Affected
Amazon Linux 2023	ecs-init			Not Affected
Amazon Linux 1	golang			Not Affected
Amazon Linux 2 - Core	golang			Not Affected
Amazon Linux 2023	golang			Not Affected
Amazon Linux 2 - Core	golang-github-cpuguy83-go-md2man			Not Affected
Amazon Linux 2 - Core	golist			Not Affected
Amazon Linux 2 - Core	nerdctl			Not Affected
Amazon Linux 2023	nerdctl			Not Affected
Amazon Linux 1	runc			Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	runc			Not Affected
Amazon Linux 2 - Docker Extra	runc			Not Affected
Amazon Linux 2 - Ecs Extra	runc			Not Affected
Amazon Linux 2023	runc			Not Affected
Amazon Linux 2 - Docker Extra	runfinch-finch	2025-03-26	ALAS2DOCKER-2025-053	Fixed
Amazon Linux 2023	runfinch-finch	2025-03-26	ALAS2023-2025-914	Fixed
Amazon Linux 2 - Docker Extra	soci-snapshotter			Not Affected
Amazon Linux 2023	soci-snapshotter			Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2025-22869 Mitre: CVE-2025-22869