#VU107446 Reusing a Nonce, Key Pair in Encryption in ssh-slave Docker images - CVE-2025-32755

 


Published: April 15, 2025


Vulnerability identifier: #VU107446
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-32755
CWE-ID: CWE-323
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: ssh-slave Docker images
Software vendor: Jenkins

Description

The vulnerability allows a remote attacker to compromise the target system. 

The vulnerability exists because SSH host keys are generated at image creation time for Debian-based images, so containers started from the same image use the same host keys. A remote attacker who can insert themselves into the network path between the SSH client and the SSH build agent can impersonate the agent.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
