CVE-2025-61985

Опубликовано: 06 окт. 2025

Источник: debian

EPSS Низкий

Описание

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Пакет	Статус	Версия исправления	Релиз	Тип
openssh	fixed	1:10.1p1-1		package
openssh	fixed	1:10.0p1-7+deb13u1	trixie	package
openssh	no-dsa		bookworm	package
openssh	postponed		bullseye	package

https://www.openwall.com/lists/oss-security/2025/10/06/1
https://github.com/openssh/openssh-portable/commit/43b3bff47bb029f2299bacb6a36057981b39fdb0 (V_10_1_P1)

EPSS

Процентиль: 4%

0.00016

Низкий

CVE-2025-61985

CVSS3: 3.6

ubuntu

6 месяцев назад

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVE-2025-61985

CVSS3: 5.3

redhat

6 месяцев назад

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVE-2025-61985

CVSS3: 3.6

nvd

6 месяцев назад

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVE-2025-61985

CVSS3: 3.6

msrc

6 месяцев назад

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

GHSA-8gmf-r74v-362p

CVSS3: 3.6

github

6 месяцев назад

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

EPSS

Процентиль: 4%

0.00016

Низкий