CVE-2025-32728

Name

CVE-2025-32728

Description

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
	https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
	https://www.openssh.com/txt/release-10.0
	https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
	https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
	https://www.openssh.com/txt/release-7.4
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250425-0002/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html

Match rules

CPE URI	Source package	Min version	Max version
	openssh	>= 7.4	< 10.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openssh	edge-main	9.9_p1-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	9.9_p2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable