CVE-2025-61984

CVE-2025-61984

Name

CVE-2025-61984

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
cve@mitre.org	https://www.openssh.com/releasenotes.html#10.1p1
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/10/06/1
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/10/07/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/10/12/1
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh

Type

URI

cve@mitre.org

https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

cve@mitre.org

https://www.openssh.com/releasenotes.html#10.1p1

cve@mitre.org

https://www.openwall.com/lists/oss-security/2025/10/06/1

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/10/07/1

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/10/12/1

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh

CPE URI	Source package	Min version	Max version
	openssh	>= 0	< 10.1

CPE URI

Source package

Min version

Max version

openssh

>= 0

< 10.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openssh	edge-main	9.9_p1-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	9.9_p2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r6	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r7	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r9	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r10	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	edge-main	10.0_p1-r11	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.22-main	10.0_p1-r7	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.22-main	10.0_p1-r8	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.22-main	10.0_p1-r9	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.21-main	9.9_p1-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.21-main	9.9_p2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.20-main	9.7_p1-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.20-main	9.7_p1-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.19-main	9.6_p1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.19-main	9.6_p1-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages