
Description

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

PUBLISHED Reserved 2025-05-02 | Published 2025-05-07 | Updated 2025-05-17 | Assigner mitre




MEDIUM: 4.5 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Any version before 2025.88: affected

References

www.openwall.com/lists/oss-security/2025/05/09/4

www.openwall.com/lists/oss-security/2025/05/12/6

www.openwall.com/lists/oss-security/2025/05/13/1

www.openwall.com/lists/oss-security/2025/05/13/3

www.openwall.com/lists/oss-security/2025/05/13/10

lists.debian.org/debian-lts-announce/2025/05/msg00020.html

github.com/mkj/dropbear/blob/master/src/cli-main.c

github.com/mkj/dropbear/blob/master/CHANGES

cve.org (CVE-2025-47203)

nvd.nist.gov (CVE-2025-47203)
