CVE-2025-61985
EUVD-2025-3213406.10.2025, 19:15
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openbsd | openssh | 𝑥 < 10.1 | CNA |
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| openssh |
| ||||
| openssh-askpass |
| ||||
| openssh-cavs |
| ||||
| openssh-clients |
| ||||
| openssh-keycat |
| ||||
| openssh-ldap |
| ||||
| openssh-server |
| ||||
| pam |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| openssh |
| ||
| openssh-clients |
| ||
| openssh-clients-debuginfo |
| ||
| openssh-debuginfo |
| ||
| openssh-debugsource |
| ||
| openssh-keycat |
| ||
| openssh-keycat-debuginfo |
| ||
| openssh-server |
| ||
| openssh-server-debuginfo |
| ||
| pam_ssh_agent_auth |
| ||
| pam_ssh_agent_auth-debuginfo |
|
Azure Linux Releases