CVE-2025-54804
📋 TL;DR
This vulnerability in the Russh SSH library allows integer overflow when processing SSH channel window adjust messages, potentially causing a denial-of-service. Attackers can crash servers by sending malicious window size values. Systems using Russh versions 0.54.0 and below are affected.
💻 Affected Systems
- russh SSH client and server library
📦 What is this software?
Russh by Russh Project
Warpgate by Warpgate Project
⚠️ Risk & Real-World Impact
Worst Case
Malicious client causes server crash leading to complete denial-of-service for SSH services
Likely Case
Targeted DoS attacks against vulnerable SSH servers causing service disruption
If Mitigated
Minimal impact with proper network segmentation and monitoring
🎯 Exploit Status
Requires SSH client access and knowledge of the protocol
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.54.1
Vendor Advisory: https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm
Restart Required: No
Instructions:
1. Update Russh dependency to version 0.54.1 or higher
2. Rebuild and redeploy affected applications
3. Test SSH functionality
🔧 Temporary Workarounds
Disable overflow checks
Compile Rust code without overflow checks (not recommended for security). Add to Cargo.toml:
[profile.release]
overflow-checks = false
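The window-adjust arithmetic described in the TL;DR, as an added example rather than russh's own code: it parses the RFC 4254 message layout, shows the unchecked add beside a checked form that rejects the message, and uses a constructed sample value and window size.

```rust
/// SSH_MSG_CHANNEL_WINDOW_ADJUST (RFC 4254 s.5.2): byte 93, uint32 recipient
/// channel, uint32 bytes to add. The window itself is a uint32 and MUST NOT
/// be increased above 2^32 - 1.
pub const SSH_MSG_CHANNEL_WINDOW_ADJUST: u8 = 93;

#[derive(Debug, PartialEq)]
pub enum WindowError {
    Malformed,
    WindowOverflow { current: u32, add: u32 },
}

fn be_u32(b: &[u8]) -> u32 {
    u32::from_be_bytes([b[0], b[1], b[2], b[3]])
}

/// Parse a window-adjust payload into (recipient channel, bytes to add).
pub fn parse_window_adjust(payload: &[u8]) -> Result<(u32, u32), WindowError> {
    if payload.len() != 9 || payload[0] != SSH_MSG_CHANNEL_WINDOW_ADJUST {
        return Err(WindowError::Malformed);
    }
    Ok((be_u32(&payload[1..5]), be_u32(&payload[5..9])))
}

/// Unchecked pattern (`window + add`): with overflow checks on, a crafted
/// value panics the server (the DoS above); with them off, which is Cargo's
/// release-profile default, it wraps silently. wrapping_add models the latter.
pub fn adjust_window_unchecked(window: u32, add: u32) -> u32 {
    window.wrapping_add(add)
}

/// Hardened pattern: refuse any adjustment that would exceed u32::MAX and
/// hand the error back so the caller can close the channel or disconnect.
pub fn adjust_window_checked(window: u32, add: u32) -> Result<u32, WindowError> {
    window.checked_add(add).ok_or(WindowError::WindowOverflow { current: window, add })
}

pub fn handle_window_adjust(window: u32, payload: &[u8]) -> Result<u32, WindowError> {
    let (_channel, add) = parse_window_adjust(payload)?;
    adjust_window_checked(window, add)
}

fn main() {
    // Constructed sample: channel 0, bytes_to_add = 0xFFFF_FF00, window of 2 MiB.
    let mut msg = vec![SSH_MSG_CHANNEL_WINDOW_ADJUST];
    msg.extend_from_slice(&0u32.to_be_bytes());
    msg.extend_from_slice(&0xFFFF_FF00u32.to_be_bytes());
    let window: u32 = 2 * 1024 * 1024;
    println!("unchecked: {}", adjust_window_unchecked(window, 0xFFFF_FF00)); // wraps to 2096896
    println!("checked:   {:?}", handle_window_adjust(window, &msg)); // Err(WindowOverflow { .. })
}
```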
🧯 If You Can't Patch
- Implement network segmentation to restrict SSH access to trusted sources only
- Deploy rate limiting on SSH connections to prevent rapid exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check Cargo.toml or Cargo.lock for russh version <=0.54.0
Check Version:
grep -r "russh" Cargo.toml Cargo.lock
Verify Fix Applied:
Verify russh version is >=0.54.1 in dependencies
📡 Detection & Monitoring
Log Indicators:
- SSH server crashes or panics
- Unexpected connection resets
Network Indicators:
- Multiple SSH connections with abnormal window size adjustments
SIEM Query:
source="ssh" AND (event="panic" OR event="crash")