Protection mechanism failure in OpenSSH - CVE-2025-32728

Published: April 10, 2025 / Updated: April 24, 2025
Vulnerability identifier: #VU107332
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-32728
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenSSH
Affected software: OpenSSH

Detailed vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists because the software does not properly handle the DisableForwarding directive, which does not disable X11 forwarding and agent forwarding as documented. A remote user can bypass the expected application behavior and bypass the implemented security restrictions.


How to mitigate CVE-2025-32728

Install updates from the vendor's website.

Sources