Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-32728

Опубликовано: 10 апр. 2025
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.

Отчет

Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-440: Expected Behavior Violation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Access enforcement and least privilege limit user actions to only those explicitly permitted, reducing the risk of behavior outside defined boundaries. System configurations follow hardened baselines that disable unnecessary features and restrict execution to approved functions. Boundary protection isolates workloads and validates traffic to ensure interaction occurs only through authorized interfaces. Systems are designed to fail in a known state during unexpected input or failure to maintain stability. Additionally, real-time monitoring detects behavioral deviations, enabling a timely response and containment.

Меры по смягчению последствий

To mitigate this vulnerability, explicitly disable X11 and agent forwarding in your SSH configuration (sshd_config) using: X11Forwarding no AllowAgentForwarding no

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10opensshFix deferred
Red Hat Enterprise Linux 6opensshFix deferred
Red Hat Enterprise Linux 7opensshFix deferred
Red Hat Enterprise Linux 8opensshFix deferred
Red Hat Enterprise Linux 9opensshFix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-440
https://bugzilla.redhat.com/show_bug.cgi?id=2358767openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding

EPSS

Процентиль: 8%
0.00033
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-32728

CVSS3: 4.3
ubuntu
4 месяца назад

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

nvd логотип

CVE-2025-32728

CVSS3: 4.3
nvd
4 месяца назад

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

msrc логотип

CVE-2025-32728

CVSS3: 3.8
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2025-32728

CVSS3: 4.3
debian
4 месяца назад

In sshd in OpenSSH before 10.0, the DisableForwarding directive does n ...

suse-cvrf логотип

SUSE-SU-2025:1576-1

suse-cvrf
3 месяца назад

Security update for openssh

EPSS

Процентиль: 8%
0.00033
Низкий

4.3 Medium

CVSS3