CVE-2025-32728

EPSS 0.03%
Published 10.04.2025 00:00:00
Last modified 22.05.2025 16:51:54
Source cve@mitre.org
Teams watchlist Login
Open Login

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version >= 7.4 < 10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.073

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.8	2	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
cve@mitre.org	4.3	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://www.openssh.com/txt/release-7.4

Release Notes

https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html

Mailing List

Product

Release Notes

https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig

Product

https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367

Patch

https://www.openssh.com/txt/release-10.0

Release Notes

https://security.netapp.com/advisory/ntap-20250425-0002/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-32728

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32728

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32728

EUVD