Vulnerability Description
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | >= 7.4, < 10.0 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sigProduct
- https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628Patch
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.htmlMailing ListProductRelease Notes
- https://www.openssh.com/txt/release-10.0Release Notes
- https://www.openssh.com/txt/release-7.4Release Notes
- https://lists.debian.org/debian-lts-announce/2025/05/msg00008.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20250425-0002/Third Party Advisory
FAQ
What is CVE-2025-32728?
CVE-2025-32728 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
How severe is CVE-2025-32728?
CVE-2025-32728 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-32728?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Debian Debian Linux.