Main Vulnerability Database SB2025051936

SB2025051936 - Fedora 42 update for openssh

Published: May 19, 2025

Security Bulletin ID SB2025051936

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Protection mechanism failure (CVE-ID: CVE-2025-32728)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to software does not properly handle the DisableForwarding directive, which does not disable X11 forwarding and agent forwarding as documented. A remote user can bypass expected application's behavior and bypass implemented security restrictions.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-ad76584c00