CVE-2025-47203
Published: 2025-05-07

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
Priority: P4 · 23 · medium · CVSS 3.1 base score 4.5
Vector: AV:L / AC:H / PR:N / UI:N / S:C / C:L / I:L / A:N
EPSS: 0.58% (43.3rd percentile)
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dropbear | < dropbear 2022.83-1+deb12u3 (bookworm) | dropbear 2022.83-1+deb12u3 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 2025.88 | 2025.88 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.81-3+deb11u3 | 2020.81-3+deb11u3 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2022.83-1+deb12u3 | 2022.83-1+deb12u3 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2025.88-1 | 2025.88-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2025.88-1 | 2025.88-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
| osv | | 4.5 | MEDIUM | |
| vendor_debian | | 4.5 | MEDIUM | |
Debian
CVE-2025-47203 [MEDIUM]: dropbear - dbclient in Dropbear SSH before 2025.88 allows command injection via an untruste...
vendor_debian · 2025 · CVSS 4.5
Scope: local
- bookworm: resolved (fixed in 2022.83-1+deb12u3)
- bullseye: resolved (fixed in 2020.81-3+deb11u3)
- forky: resolved (fixed in 2025.88-1)
- sid: resolved (fixed in 2025.88-1)
- trixie: resolved (fixed in 2025.88-1)
GHSA
GHSA-f2w6-r722-5fr8 [MEDIUM] CWE-78: dbclient in Dropbear SSH before 2025
ghsa_unreviewed · 2025-05-07
OSV
CVE-2025-47203 [MEDIUM]: dbclient in Dropbear SSH before 2025
osv · 2025-05-07 · CVSS 4.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/mkj/dropbear/blob/master/CHANGES
- https://github.com/mkj/dropbear/blob/master/src/cli-main.c
- http://www.openwall.com/lists/oss-security/2025/05/09/4
- http://www.openwall.com/lists/oss-security/2025/05/12/6
- http://www.openwall.com/lists/oss-security/2025/05/13/1
- http://www.openwall.com/lists/oss-security/2025/05/13/10
- http://www.openwall.com/lists/oss-security/2025/05/13/3
- https://lists.debian.org/debian-lts-announce/2025/05/msg00020.html