CVE-2025-3497
Published: 2025-07-09
Priority: P3 (40)
Severity: high, CVSS 3.1 base score 8.7
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
EPSS: 0.33% (25.2th percentile)
The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbsd | openssh | >= 0 < 1:8.9p1-3ubuntu0.14 | 1:8.9p1-3ubuntu0.14 |
| openbsd | openssh | >= 0 < 1:9.6p1-3ubuntu13.15 | 1:9.6p1-3ubuntu13.15 |
| openbsd | openssh | >= 0 < 1:10.0p1-5ubuntu5.1 | 1:10.0p1-5ubuntu5.1 |
| openbsd | openssh | >= 0 < 1:8.2p1-4ubuntu0.13+esm1 | 1:8.2p1-4ubuntu0.13+esm1 |
| radiflow | isap_smart_collector | >= 1.20 < 3.02-1 | 3.02-1 |
CVSS provenance
NVD (CVSS v3.1): 8.7 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
OSV: 3.6 LOW
OSV: openssh vulnerabilities (CVE-2026-3497), published 2026-03-12, CVSS 3.6
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitr
OSV: openssh vulnerabilities (CVE-2026-3497), published 2026-03-12, CVSS 3.6
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incor
GHSA: GHSA-q56r-wgj6-2g29 (ghsa_unreviewed, 2025-07-09), CVE-2025-3497 [HIGH], CWE-1104
The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.