216.73.217.86

CVE-2025-61984

· Published 06/10/2025 19:15 · Modified 07/10/2025 14:15

Labels: CVE-2025-61984 2025-10-06CVE-2025-61984CWE-159[email protected]

Essential information

Published
06/10/2025 19:15
Modified
07/10/2025 14:15
Author
Creator
CVSS
3.6 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openssh / openssh cpe:2.3:a:openssh:openssh:<10.1:*:*:*:*:*:*

References