CVE-2025-61984

Summary

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Affected Software

VendorProductVersion RangeStatus
OpenBSDOpenSSH0 < 10.1affected

Weaknesses

  • CWE-159: CWE-159 Improper Handling of Invalid Use of Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References