Vulnerability in OpenSSH Allowing Code Execution via SSH URI
CVE-2025-61985

3.6 LOW

Key Information:

Vendor: OpenBSD

CVE Published: 6 October 2025

What is CVE-2025-61985?

OpenSSH versions before 10.1 accept the '\0' (NUL) character in an ssh:// URI, which can lead to code execution when a ProxyCommand is used. The underlying problem is improper input validation in URI parsing, which potentially allows attackers to execute unauthorized commands within the context of the SSH process.
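A pre-flight check that a wrapper or automation script can run before handing an ssh:// URI to the client is sketched below. It is an added example, not OpenSSH's own fix or code from this entry; the function names, sample URIs and version banners are constructed for illustration, and rejecting every control character (not only '\0') is a stricter policy than the entry describes.

```python
import re
from urllib.parse import unquote_to_bytes

FIXED = (10, 1)  # this entry lists OpenSSH before 10.1 as affected


def uri_is_clean(uri: str) -> bool:
    """True only for ssh:// URIs with no control bytes, raw or percent-encoded."""
    if not uri.lower().startswith("ssh://"):
        return False
    if re.search(r"%(?![0-9A-Fa-f]{2})", uri):  # malformed percent escape
        return False
    try:
        raw = uri.encode("utf-8")
    except UnicodeEncodeError:
        return False
    decoded = unquote_to_bytes(raw)  # what a URI parser sees after decoding once
    return not any(b < 0x20 or b == 0x7F for b in raw + decoded)


def client_is_affected(banner: str) -> bool:
    """Compare the version in `ssh -V` style output against the fixed release."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("not an OpenSSH version banner")
    return (int(m.group(1)), int(m.group(2))) < FIXED


def review(uri: str, banner: str) -> list:
    """Return the actions to take for this URI and client combination."""
    findings = []
    if not uri_is_clean(uri):
        findings.append("reject-uri")  # refuse regardless of client version
    if client_is_affected(banner):
        findings.append("upgrade-client")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; host.example is a placeholder host.
    samples = ["ssh://alice@host.example:22", "ssh://alice%00@host.example"]
    for uri in samples:
        print(repr(uri), review(uri, "OpenSSH_9.9p2, OpenSSL 3.0.15"))
```

The URI check is applied even on patched clients so that a single unpatched host in a fleet does not become the weak point.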

Affected Version(s)

OpenSSH versions before 10.1

CVSS V3.1

Score: 3.6
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
