NVD Advisory · Severity: Medium (5.4) · Published Feb 12, 2026 · Updated Apr 15, 2026
CVE-2025-14282
Description
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the Dropbear SSH server performs the socket forwardings requested by the remote client as root, only switching to the logged-in user when spawning a shell or performing certain operations such as reading the user's files. With the recently added ability to use Unix domain sockets as a forwarding destination, any user able to log in via SSH can connect to any Unix socket with root's credentials, bypassing both file-system permission checks and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
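The SO_PEERCRED check the description refers to is worth seeing concretely. The following is an added example, not code from the advisory or from the Dropbear project: a small guarded Unix-socket service that answers "ok" or "denied" purely from the kernel-reported uid of the process that called connect(), plus a client in the same process. It assumes Linux (SO_PEERCRED and the three-int struct ucred layout); on other platforms it reports "unsupported". The socket path and the threading arrangement are constructed for the demonstration. The point it illustrates is that such a check can only see the uid of the connecting process. When a forwarder connects on a user's behalf without first dropping to that user's uid, the service sees the forwarder's uid, which in the vulnerable configuration is root, and the check cannot tell the difference.

```python
import os
import socket
import struct
import tempfile
import threading
from typing import Optional

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid (three native C ints).
_UCRED_FMT = "3i"


def peer_uid(conn: socket.socket) -> Optional[int]:
    """Ask the kernel for the uid of the process on the other end of an
    AF_UNIX connection. Returns None on platforms without SO_PEERCRED."""
    if not hasattr(socket, "SO_PEERCRED"):
        return None
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED_FMT))
    _pid, uid, _gid = struct.unpack(_UCRED_FMT, raw)
    return uid


def serve_one(listener: socket.socket, allowed_uids: set) -> None:
    """Accept a single client and answer based only on the kernel-reported
    peer uid. This is the kind of check the advisory says is bypassed: the
    service learns who called connect(), not who asked for the connection."""
    conn, _ = listener.accept()
    with conn:
        uid = peer_uid(conn)
        if uid is None:
            verdict = b"unsupported"
        elif uid in allowed_uids:
            verdict = b"ok"
        else:
            verdict = b"denied"
        conn.sendall(verdict)


def connect_and_ask(path: str) -> bytes:
    """Client side: connect to the guarded socket and read the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        return c.recv(32)


def run_guarded_exchange(allow_self: bool) -> bytes:
    """Constructed scenario: guarded service and client in one process, so the
    peer uid the service sees is this process's own uid. With allow_self=True
    the policy lists that uid; with allow_self=False it lists a different one."""
    allowed = {os.getuid()} if allow_self else {os.getuid() + 1}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "guarded.sock")  # constructed socket path
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        listener.listen(1)
        listener.settimeout(5)
        t = threading.Thread(target=serve_one, args=(listener, allowed))
        t.start()
        try:
            return connect_and_ask(path)
        finally:
            t.join()
            listener.close()


if __name__ == "__main__":
    print("same uid listed:", run_guarded_exchange(True))
    print("other uid listed:", run_guarded_exchange(False))
```

Read against the advisory: a service relying on this check to restrict access to a fixed set of uids is only as good as the uid of the process that opens the connection. Mitigation on the service side is therefore not to add more peer-credential logic but to patch Dropbear so forwarded connections are opened after switching to the authenticated user, as the referenced pull requests do.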
Affected products
Patches
- 2a4043dac4e0ed193731630a6
Vulnerability mechanics
References
- www.openwall.com/lists/oss-security/2025/12/16/4
- www.openwall.com/lists/oss-security/2025/12/17/1
- access.redhat.com/security/cve/CVE-2025-14282
- bugzilla.redhat.com/show_bug.cgi
- github.com/mkj/dropbear/pull/391
- github.com/mkj/dropbear/pull/394
- lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
News mentions
- The Good, the Bad and the Ugly in Cybersecurity – Week 15 (SentinelOne Labs, Apr 10, 2026)