privilege escalation via unix domain socket forwardings_CVE-2025-14282

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.

Basic Information

ID CVE-2025-14282

Source fedora

Published Feb 12, 2026 at 21:37

Modified Feb 12, 2026 at 22:10

Affected Product

Vendor Dropbear

Product Dropbear

Version 2024.84

Affected Versions Dropbear Dropbear 2024.84

CWE Classification

CWE-266

References

{
    "lastseen": "",
    "description": "A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.",
    "published": "2026-02-12T21:37:57.157Z",
    "modified": "2026-02-12T22:10:33.107Z",
    "type": "cve",
    "title": "privilege escalation via unix domain socket forwardings",
    "source": "fedora",
    "references": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html\nhttps://github.com/mkj/dropbear/pull/391",
    "id": "CVE-2025-14282",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Dropbear Dropbear 2024.84",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dropbear",
    "version": "2024.84",
    "vendor": "Dropbear",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}