Low severity3.6NVD Advisory· Published Oct 6, 2025· Updated Apr 15, 2026

CVE-2025-61984

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2025/10/07/1nvd
www.openwall.com/lists/oss-security/2025/10/12/1nvd
dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984nvd
marc.infonvd
www.openssh.com/releasenotes.htmlnvd
www.openwall.com/lists/oss-security/2025/10/06/1nvd
www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-opensshnvd
www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-opensshnvd

News mentions

No linked articles in our index yet.

cvss	0.234
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000