CVE-2025-61985
LOWDescription
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-61985? +
How severe is CVE-2025-61985? +
How do I check if I'm vulnerable to CVE-2025-61985? +
Related Vulnerabilities
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By …
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary …
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up …
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support …
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, …
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when …