exploitDog
CVE-2025-61985

Published: 06 Oct 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

A flaw was found in OpenSSH where the SSH client accepted \0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.

Report

The impact is MODERATE because it is a critical component used across many Red Hat products. Exploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.
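The flaw is a CWE-158 condition: a NUL byte inside a URI that is later copied into a C string or expanded into a ProxyCommand line means the text the client validated and the text the command actually sees differ. A defensive pattern for any wrapper, launcher or web handler that accepts an ssh:// URI from an untrusted source is to reject control characters before the string is parsed, and to constrain the user, host and port to a narrow grammar before they can reach a %h/%p/%r expansion. The following is an added example, not code from the advisory, Red Hat or OpenSSH; the helper names, the conservative host/user regexes and the sample inputs are assumptions constructed for the illustration.

```python
"""Defensive validation of an untrusted ssh:// URI before it reaches the ssh client.

Added example (not from the advisory or from OpenSSH). Assumed/hypothetical names:
validate_ssh_uri, is_safe_ssh_uri, find_control_char, as_c_string_would_see.
"""
import re
from urllib.parse import urlsplit

# Conservative grammar for the user and host components (assumption for this example).
# Anything outside this set never gets a chance to be shell-interpreted by a ProxyCommand.
_USER_RE = re.compile(r"^[A-Za-z0-9._-]+$")
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")
DEFAULT_SSH_PORT = 22


class UnsafeSshUri(ValueError):
    """Raised when a URI must not be forwarded to the ssh client."""


def find_control_char(s: str):
    """Return (offset, codepoint) of the first NUL or other C0/C1 control character, else None."""
    for i, ch in enumerate(s):
        cp = ord(ch)
        if cp < 0x20 or 0x7F <= cp <= 0x9F:
            return i, cp
    return None


def validate_ssh_uri(uri: str) -> dict:
    """Parse an ssh:// URI into {'user', 'host', 'port'} or raise UnsafeSshUri.

    The control-character check runs *before* urlsplit(): urlsplit silently drops
    tab, CR and LF, and a NUL is a C-string terminator, so a string that parsed
    cleanly here could still be seen differently by a NUL-terminated consumer.
    """
    hit = find_control_char(uri)
    if hit is not None:
        raise UnsafeSshUri(f"control character U+{hit[1]:04X} at offset {hit[0]}")
    try:
        parts = urlsplit(uri)
        port = parts.port  # property raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise UnsafeSshUri(f"unparseable URI: {exc}") from exc
    if parts.scheme != "ssh":
        raise UnsafeSshUri(f"unexpected scheme {parts.scheme!r}")
    # Keep the accepted shape minimal: no path, query, fragment or embedded password.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise UnsafeSshUri("path, query and fragment are not accepted")
    if parts.password is not None:
        raise UnsafeSshUri("password in URI is not accepted")
    host = parts.hostname
    if not host or not _HOST_RE.match(host):
        raise UnsafeSshUri(f"bad host {host!r}")
    user = parts.username
    if user is not None and not _USER_RE.match(user):
        raise UnsafeSshUri(f"bad user {user!r}")
    return {"user": user, "host": host, "port": port if port is not None else DEFAULT_SSH_PORT}


def is_safe_ssh_uri(uri: str) -> bool:
    """Boolean wrapper around validate_ssh_uri for callers that only need accept/reject."""
    try:
        validate_ssh_uri(uri)
        return True
    except UnsafeSshUri:
        return False


def as_c_string_would_see(uri: str) -> str:
    """Show what a NUL-terminated consumer sees: everything after the first NUL vanishes."""
    return uri.split("\0", 1)[0]


if __name__ == "__main__":
    # Constructed sample inputs for this example.
    samples = [
        "ssh://alice@example.org:2222",
        "ssh://example.org",
        "ssh://example.org\0dropped-by-a-C-string",
        "ssh://exam\tple.org",
        "ssh://example.org:99999",
    ]
    for s in samples:
        verdict = "accepted" if is_safe_ssh_uri(s) else "rejected"
        print(f"{s!r:45} -> {verdict:8} | C view: {as_c_string_would_see(s)!r}")
```

The ordering matters: the control-character scan comes first because `urlsplit` strips tab, CR and LF before splitting, so running the parser first would let those bytes disappear unnoticed; and the NUL case shows why a length-checked Python string is not the same thing as the C string the proxy command line eventually receives.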

Affected packages

Platform                                              Package   State          Advisory          Release
Red Hat Enterprise Linux 6                            openssh   Fix deferred   -                 -
Red Hat Enterprise Linux 7                            openssh   Fix deferred   -                 -
Red Hat OpenShift Container Platform 4                rhcos     Fix deferred   -                 -
Red Hat Enterprise Linux 10                           openssh   Fixed          RHSA-2025:23479   17.12.2025
Red Hat Enterprise Linux 10.0 Extended Update Support openssh   Fixed          RHSA-2026:1678    02.02.2026
Red Hat Enterprise Linux 8                            openssh   Fixed          RHSA-2025:23481   17.12.2025
Red Hat Enterprise Linux 9                            openssh   Fixed          RHSA-2025:23480   17.12.2025
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions openssh Fixed   RHSA-2026:1790    03.02.2026


Additional information

Status: Moderate
Weakness: CWE-158
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2401962
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

EPSS: 0.00016 (percentile 4%, Low)
CVSS3: 5.3 (Medium)

Related vulnerabilities

CVSS3: 3.6
ubuntu
6 months ago

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVSS3: 3.6
nvd
6 months ago

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVSS3: 3.6
msrc
6 months ago

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVSS3: 3.6
debian
6 months ago

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, ...

CVSS3: 3.6
github
6 months ago

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
