CVE-2025-61984

by Fred · 06/10/2025

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

More information : https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2

CVE-2025-61984

Similar

Recent Posts

Categories

CVE-2025-61984

Share this:

Similar

Recent Posts

Categories

Tags