CVE-2025-61984 – OpenSSH SSH Command Injection

CVE ID : CVE-2025-61984

Published : Oct. 6, 2025, 7:15 p.m. | 1 hour, 18 minutes ago

Description : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Severity: 3.6 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…