CVE-2025-61984

CWE-15911 documents8 sources
Severity
3.6LOW
EPSS
0.0%
top 98.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedOct 6
Latest updateMar 12

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.0 | Impact: 2.5

Affected Packages2 packages

CVEListV5openbsd/openssh< 10.1
Debianopenssh< 1:9.2p1-2+deb12u8+2

🔴Vulnerability Details

5
OSV
openssh vulnerabilities2026-03-12
OSV
openssh vulnerabilities2026-03-12
GHSA
GHSA-hh67-847q-q3h9: ssh in OpenSSH before 102025-10-06
OSV
CVE-2025-61984: ssh in OpenSSH before 102025-10-06
CVEList
CVE-2025-61984: ssh in OpenSSH before 102025-10-06

📋Vendor Advisories

5
Ubuntu
OpenSSH vulnerabilities2026-03-12
Ubuntu
OpenSSH vulnerabilities2026-03-12
Microsoft
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrust2025-10-14
Red Hat
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand2025-10-06
Debian
CVE-2025-61984: openssh - ssh in OpenSSH before 10.1 allows control characters in usernames that originate...2025
CVE-2025-61984 (LOW CVSS 3.6) | ssh in OpenSSH before 10.1 allows c | cvebase.io