CVE-2025-32728
- Source
- https://cve.org/CVERecord?id=CVE-2025-32728
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32728.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-32728
- Downstream
- Related
- Published
- 2025-04-10T02:15:30.873Z
- Modified
- 2026-02-16T08:07:39.451425Z
- Severity
-
- 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
- References
-
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
- https://www.openssh.com/txt/release-10.0
- https://www.openssh.com/txt/release-7.4
- https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html
- https://security.netapp.com/advisory/ntap-20250425-0002/
- https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html
Affected packages
Git / github.com/openssh/openssh-portable
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssh/openssh-portable
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
Affected versions
Other
V_7_4_P1
V_7_5_P1
V_7_6_P1
V_7_7_P1
V_7_8_P1
V_7_9_P1
V_8_0_P1
V_8_1_P1
V_8_2_P1
V_8_4_P1
V_8_5_P1
V_8_6_P1
V_8_7_P1
V_8_8_P1
V_8_9_P1
V_9_0_P1
V_9_1_P1
V_9_2_P1
V_9_3_P1
V_9_5_P1
V_9_6_P1
V_9_7_P1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32728.json"
vanir_signatures
[
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367",
"digest": {
"function_hash": "133076491639203383823387614455115839010",
"length": 2048.0
},
"id": "CVE-2025-32728-3d303bb6",
"deprecated": false,
"target": {
"file": "session.c",
"function": "session_setup_x11fwd"
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367",
"digest": {
"function_hash": "151169046701137936850466914400687768049",
"length": 428.0
},
"id": "CVE-2025-32728-64280ae0",
"deprecated": false,
"target": {
"file": "session.c",
"function": "session_auth_agent_req"
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367",
"digest": {
"line_hashes": [
"302129403808892202751107050716447255615",
"227186618945793496493460375356702822421",
"61277606599405778295293498416605726251",
"39052513940640503578487586278620661415",
"171785806372956002748894980549115022364",
"53875906461956996569308087778751541414",
"211306792223610455392567591025373616519",
"240962318817132672213255136405283026374",
"84505436348310955167133086453229315999"
],
"threshold": 0.9
},
"id": "CVE-2025-32728-8bcee90d",
"deprecated": false,
"target": {
"file": "session.c"
}
}
]