VDB
ALPINE-CVE-2025-61985
ALPINE-CVE-2025-61985
PUBLISHED
CVSS 3.5999999046325684 LOW
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Risk Scores
CVSS v3.1
3.5999999046325684
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.23 | openssh | 0, 10.0_p1-r0, 10.0_p1-r1 |
| Alpine:v3.22 | openssh | 0, 10.0_p1-r0, 10.0_p1-r1 |
Timeline
- Oct 6, 2025 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch