CVE-2025-32728: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...

4.3 CVSS

Description

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. In practice the directive blocked TCP, Unix-domain socket and tunnel forwarding, while X11 and agent forwarding remained governed by their own directives (X11Forwarding, default no; AllowAgentForwarding, default yes). Administrators who relied on DisableForwarding yes alone therefore still had agent forwarding enabled unless AllowAgentForwarding no and X11Forwarding no were set explicitly. OpenSSH 10.0 changes the directive to cover X11 and agent forwarding as documented.
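The following audit script is an added example for this advisory, not code from the OpenSSH project or from the advisory itself. It parses the effective configuration that `sshd -T` prints (lowercase keyword, then value, one per line) and the version string from `ssh -V`, and flags a host that is both running a pre-10.0 sshd and relying on DisableForwarding without also setting X11Forwarding no and AllowAgentForwarding no. The sample configuration strings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example for CVE-2025-32728 (not OpenSSH code). Assumes the
# `sshd -T` output format: one "keyword value" pair per line, keyword
# lowercased, e.g. "disableforwarding yes" / "allowagentforwarding yes".

# Return the value of keyword $2 from sshd -T text $1 (empty if absent).
cfg_value() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# $1: output of `ssh -V 2>&1`, e.g. "OpenSSH_9.9p1, OpenSSL 3.0.13 ...".
# Returns 0 when the major version is below 10 (DisableForwarding does
# not cover X11/agent forwarding), 1 when 10.0 or later, 2 if unparsable.
openssh_version_affected() {
  ver=$(printf '%s' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
  [ -n "$ver" ] || return 2
  set -- $ver            # $1 = major, $2 = minor
  [ "$1" -lt 10 ]
}

# $1: sshd -T text. Returns 1 (and prints a warning) when DisableForwarding
# is yes but X11 or agent forwarding is not explicitly off; 0 otherwise.
check_forwarding_config() {
  df=$(cfg_value "$1" disableforwarding)
  x11=$(cfg_value "$1" x11forwarding)
  agent=$(cfg_value "$1" allowagentforwarding)
  rc=0
  if [ "$df" = yes ]; then
    if [ "$x11" != no ]; then
      echo "WARN: DisableForwarding yes but X11Forwarding is '${x11:-unset}'; set X11Forwarding no"
      rc=1
    fi
    if [ "$agent" != no ]; then
      echo "WARN: DisableForwarding yes but AllowAgentForwarding is '${agent:-unset}'; set AllowAgentForwarding no"
      rc=1
    fi
  fi
  return $rc
}

# $1: ssh -V text, $2: sshd -T text. Returns 1 only when the host is
# exposed: an affected version AND a config that leans on DisableForwarding.
audit_cve_2025_32728() {
  if openssh_version_affected "$1"; then
    check_forwarding_config "$2"
  else
    echo "OpenSSH 10.0 or later: DisableForwarding covers X11 and agent forwarding"
  fi
}

# Live mode: run against this host. sshd -T normally needs root, and shows
# the global section only (use `sshd -T -C user=...` to evaluate Match blocks).
if [ "${1-}" = "--live" ]; then
  audit_cve_2025_32728 "$(ssh -V 2>&1)" "$(sshd -T 2>/dev/null)"
fi
```

Run it as `sh audit.sh --live` on the server; the functions are pure so they can also be pointed at `sshd -T` output collected from a fleet. Note that a configuration with DisableForwarding yes and the two explicit "no" directives passes on any version, which is the recommended interim setting until sshd is upgraded to 10.0.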

Classification

CVE ID: CVE-2025-32728

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem Types

CWE-440 Expected Behavior Violation

Affected Products

Vendor: OpenBSD

Product: OpenSSH

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability of exploitation activity in the wild within the next 30 days)

EPSS Percentile: 2.26% (share of all scored CVEs whose EPSS score is less than or equal to this one)

EPSS Date: 2025-04-21 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32728
https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
https://www.openssh.com/txt/release-10.0
https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
https://www.openssh.com/txt/release-7.4

Timeline