Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/dropbear@0?distro=trixie
Type deb
Namespace debian
Name dropbear
Version 0
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 0.43-2
Latest_non_vulnerable_version 2025.89-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-enpx-ej3b-n3gh
vulnerability_id VCID-enpx-ej3b-n3gh
summary
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server performs the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability to also use unix domain sockets as the forwarding destination, any user able to log in via ssh can connect to any unix socket with root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14282
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03054
published_at 2026-04-18T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03045
published_at 2026-04-16T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.0307
published_at 2026-04-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03083
published_at 2026-04-12T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03109
published_at 2026-04-11T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.0315
published_at 2026-04-09T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03125
published_at 2026-04-08T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03121
published_at 2026-04-07T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0312
published_at 2026-04-04T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03107
published_at 2026-04-02T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.04398
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14282
1
reference_url https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
reference_id 002390.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069
reference_id 1123069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069
3
reference_url https://github.com/mkj/dropbear/pull/391
reference_id 391
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://github.com/mkj/dropbear/pull/391
4
reference_url https://github.com/mkj/dropbear/pull/394
reference_id 394
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://github.com/mkj/dropbear/pull/394
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14282
reference_id CVE-2025-14282
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://access.redhat.com/security/cve/CVE-2025-14282
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2420052
reference_id show_bug.cgi?id=2420052
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2420052
fixed_packages
0
url pkg:deb/debian/dropbear@0?distro=trixie
purl pkg:deb/debian/dropbear@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0%3Fdistro=trixie
1
url pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.83-1%252Bdeb12u3%3Fdistro=trixie
3
url pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
purl pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/dropbear@2025.89-1?distro=trixie
purl pkg:deb/debian/dropbear@2025.89-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1%3Fdistro=trixie
aliases CVE-2025-14282
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enpx-ej3b-n3gh
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0%3Fdistro=trixie