Security Flaw in OpenSSH Affecting SSH Forwarding Capabilities
CVE-2025-32728
4.3 MEDIUM
Summary
In OpenSSH's sshd before version 10.0, the DisableForwarding directive does not function as documented: it fails to disable X11 and agent forwarding as intended. Systems that rely on this directive to block forwarding may therefore still permit it, which could lead to unauthorized access or data exposure on affected versions.
Affected Version(s)
OpenSSH 7.4 < 10.0
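The following audit sketch is an added example, not code from the OpenSSH project or from this advisory. It flags sshd_config scopes that set DisableForwarding yes without also setting the standard AllowAgentForwarding no and X11Forwarding no directives explicitly. It assumes the affected range above means 7.4 <= version < 10.0, and it is deliberately conservative: it checks each scope on its own and does not model defaults or inheritance between the global section and Match blocks. The sample configuration and version string are constructed.

```python
import re

# Affected range as listed on this page, read as 7.4 <= version < 10.0.
AFFECTED_MIN, AFFECTED_MAX = (7, 4), (10, 0)
# Explicit directives that switch off the two forwarding types named in the summary.
REQUIRED = {"allowagentforwarding": "no", "x11forwarding": "no"}

def is_affected(version_string):
    """Test a version string such as 'OpenSSH_9.6p1' against the page's range."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return AFFECTED_MIN <= (int(m.group(1)), int(m.group(2))) < AFFECTED_MAX

def audit(config_text):
    """Return (scope, directive) pairs where DisableForwarding yes stands alone."""
    scopes = [("global", {})]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scopes.append(("Match " + value, {}))  # a Match block opens a new scope
        else:
            first = value.split()[0].strip('"').lower() if value else ""
            scopes[-1][1].setdefault(key, first)  # first value in a scope wins
    findings = []
    for name, opts in scopes:
        if opts.get("disableforwarding") == "yes":
            findings += [(name, k) for k, want in REQUIRED.items() if opts.get(k) != want]
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
DisableForwarding yes
X11Forwarding no
Match User sftponly
    DisableForwarding yes
    AllowAgentForwarding no
"""

if __name__ == "__main__":
    if is_affected("OpenSSH_9.6p1"):  # constructed version string
        for scope, directive in audit(SAMPLE):
            print(f"{scope}: add an explicit '{directive} no'")
```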
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved