A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14946.json",
"cwe_ids": [
"CWE-88"
],
"cna_assigner": "redhat"
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.22.0"
},
{
"fixed": "1.22.5"
},
{
"introduced": "1.23.0"
},
{
"fixed": "1.23.9"
}
]
}