๐Ÿ” CVE Alert

CVE-2025-61985

LOW 3.6
CVSS Score
3.6
EPSS Score
0.0%
EPSS Percentile
0th

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CWE CWE-158
Vendor openbsd
Product openssh
Ecosystems
Industries
Technology
Published Oct 6, 2025
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for openbsd openssh

Be the first to know when new low vulnerabilities affecting openbsd openssh are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

OpenBSD / OpenSSH
0 < 10.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
openwall.com: https://www.openwall.com/lists/oss-security/2025/10/06/1 marc.info: https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2 openssh.com: https://www.openssh.com/releasenotes.html#10.1p1 cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-019113.html