CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
mitreCNA
4.3 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
openbsdopenssh
7.4 ≤
𝑥
< 10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
https://www.openssh.com/txt/release-10.0
https://www.openssh.com/txt/release-7.4
https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html
https://security.netapp.com/advisory/ntap-20250425-0002/