{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-32728", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-08T13:11:19.684Z", "dateReserved": "2025-04-10T00:00:00.000Z", "datePublished": "2025-04-10T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSH", "vendor": "OpenBSD", "versions": [{"lessThan": "10.0", "status": "affected", "version": "7.4", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4", "versionEndExcluding": "10.0"}]}]}], "descriptions": [{"lang": "en", "value": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-10T01:40:34.658Z"}, "references": [{"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"}, {"url": "https://www.openssh.com/txt/release-10.0"}, {"url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"}, {"url": "https://www.openssh.com/txt/release-7.4"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T18:35:34.531350Z", "id": "CVE-2025-32728", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:35:46.150Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250425-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-08T13:11:19.684Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250425-0002/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-08T13:11:19.684Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32728", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-10T18:35:34.531350Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:35:40.236Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "OpenBSD", "product": "OpenSSH", "versions": [{"status": "affected", "version": "7.4", "lessThan": "10.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"}, {"url": "https://www.openssh.com/txt/release-10.0"}, {"url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"}, {"url": "https://www.openssh.com/txt/release-7.4"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0", "versionStartIncluding": "7.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-10T01:40:34.658Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32728", "state": "PUBLISHED", "dateUpdated": "2025-05-08T13:11:19.684Z", "dateReserved": "2025-04-10T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-04-10T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "B82BC87D-C176-4CEF-AC2A-3563C03C3DBC", "versionEndExcluding": "10.0", "versionStartIncluding": "7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding."}, {"lang": "es", "value": " En sshd en OpenSSH anterior a 10.0, la directiva DisableForwarding no cumple con la documentaci\u00f3n que indica que deshabilita el reenv\u00edo de X11 y del agente."}], "id": "CVE-2025-32728", "lastModified": "2025-05-22T16:51:54.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-10T02:15:30.873", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Product", "Release Notes"], "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-10.0"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.openssh.com/txt/release-7.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20250425-0002/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-440"}], "source": "cve@mitre.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding", "id": "2358767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358767"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-440", "details": ["In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, explicitly disable X11 and agent forwarding in your SSH configuration (sshd_config) using:\nX11Forwarding no\nAllowAgentForwarding no"}, "name": "CVE-2025-32728", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-04-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32728\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32728\nhttps://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-440: Expected Behavior Violation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nAccess enforcement and least privilege limit user actions to only those explicitly permitted, reducing the risk of behavior outside defined boundaries. System configurations follow hardened baselines that disable unnecessary features and restrict execution to approved functions. Boundary protection isolates workloads and validates traffic to ensure interaction occurs only through authorized interfaces. Systems are designed to fail in a known state during unexpected input or failure to maintain stability. Additionally, real-time monitoring detects behavioral deviations, enabling a timely response and containment.", "threat_severity": "Moderate"}

{}