CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-14282
https://bugzilla.redhat.com/show_bug.cgi?id=2420052
https://github.com/mkj/dropbear/pull/391
https://github.com/mkj/dropbear/pull/394
https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
http://www.openwall.com/lists/oss-security/2025/12/16/4
http://www.openwall.com/lists/oss-security/2025/12/17/1

Configurations

No configuration.

History

18 Feb 2026, 21:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/security/cve/CVE-2025-14282 - () https://bugzilla.redhat.com/show_bug.cgi?id=2420052 - () https://github.com/mkj/dropbear/pull/394 -
Summary	(en) A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.	(en) A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.

12 Feb 2026, 23:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/12/16/4 - () http://www.openwall.com/lists/oss-security/2025/12/17/1 -

12 Feb 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-12 22:16

Updated : 2026-02-18 21:16

NVD link : CVE-2025-14282

Mitre link : CVE-2025-14282

CVE.ORG link : CVE-2025-14282

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

5.4 /10