Main Vulnerability Database SB2025111495

SB2025111495 - SUSE update for openssh

Published: November 14, 2025

Security Bulletin ID SB2025111495

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) OS Command Injection (CVE-ID: CVE-2025-61984)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper validation of control characters in usernames obtained from an untrusted source (such as command line and %-sequence expansion of a configuration file). A remote attacker can trick the victim into initiating an ssh connection using a specially crafted configuration file and execute arbitrary shell commands on the system.

This vulnerability affects ssh client command and does not affect the sshd daemon.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20254097-1/