CVE-2025-14282 — Incorrect Privilege Assignment in Github.com MKJ Dropbear Dropbear

CWE-266 — Incorrect Privilege Assignment5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 95.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Https Github.com MKJ Dropbear Dropbear Debian Dropbear

Timeline

PublishedFeb 12

Latest updateFeb 13

Description

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶debiandebian/dropbear< dropbear 2025.89-1 (forky)

▶CVEListV5https/github.com_mkj_dropbear_dropbear2024.84 — 2025.88

▶Debianhttps/github.com_mkj_dropbear_dropbear< 2025.89-1~deb13u1+1

🔴Vulnerability Details

GHSA

GHSA-xqcm-jrw9-wq72: A flaw was found in Dropbear↗2026-02-13

▶

OSV

CVE-2025-14282: A flaw was found in Dropbear↗2026-02-12

▶

📋Vendor Advisories

Debian

CVE-2025-14282: dropbear - A flaw was found in Dropbear. When running in multi-user mode and authenticating...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-14282 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶