CVE-2025-14282
Dropbear: privilege escalation via unix domain socket forwardings
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
| CWE | CWE-266 |
| Vendor | https://github.com/mkj/dropbear/ |
| Product | dropbear |
| Published | Feb 12, 2026 |
| Last Updated | Feb 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for https://github.com/mkj/dropbear/ dropbear
Be the first to know when new medium vulnerabilities affecting https://github.com/mkj/dropbear/ dropbear are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
https://github.com/mkj/dropbear/ / dropbear
2024.84 < 2025.88
References
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-14282 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2420052 github.com: https://github.com/mkj/dropbear/pull/391 github.com: https://github.com/mkj/dropbear/pull/394 lists.ucc.gu.uwa.edu.au: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html openwall.com: http://www.openwall.com/lists/oss-security/2025/12/16/4 openwall.com: http://www.openwall.com/lists/oss-security/2025/12/17/1