Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-enpx-ej3b-n3gh
Summary
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server performs the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability to also use unix domain sockets as the forwarding destination, any user able to log in via ssh can connect to any unix socket with root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
Aliases
0
alias CVE-2025-14282
Fixed_packages
0
url pkg:apk/alpine/dropbear@2025.89-r0?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=armhf&distroversion=edge&reponame=main
1
url pkg:apk/alpine/dropbear@2025.89-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=armv7&distroversion=edge&reponame=main
2
url pkg:apk/alpine/dropbear@2025.89-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=x86&distroversion=edge&reponame=main
3
url pkg:apk/alpine/dropbear@2025.89-r0?arch=x86_64&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=x86_64&distroversion=edge&reponame=main
4
url pkg:apk/alpine/dropbear@2025.89-r0?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=riscv64&distroversion=edge&reponame=main
5
url pkg:apk/alpine/dropbear@2025.89-r0?arch=s390x&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=s390x&distroversion=edge&reponame=main
6
url pkg:apk/alpine/dropbear@2025.89-r0?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=aarch64&distroversion=edge&reponame=main
7
url pkg:apk/alpine/dropbear@2025.89-r0?arch=loongarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=loongarch64&distroversion=edge&reponame=main
8
url pkg:apk/alpine/dropbear@2025.89-r0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/dropbear@2025.89-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dropbear@2025.89-r0%3Farch=ppc64le&distroversion=edge&reponame=main
9
url pkg:deb/debian/dropbear@0?distro=trixie
purl pkg:deb/debian/dropbear@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0%3Fdistro=trixie
10
url pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2%3Fdistro=trixie
11
url pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.83-1%252Bdeb12u3%3Fdistro=trixie
12
url pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
purl pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1~deb13u1%3Fdistro=trixie
13
url pkg:deb/debian/dropbear@2025.89-1?distro=trixie
purl pkg:deb/debian/dropbear@2025.89-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14282
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03054
published_at 2026-04-18T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03045
published_at 2026-04-16T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.0307
published_at 2026-04-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03083
published_at 2026-04-12T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03109
published_at 2026-04-11T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.0315
published_at 2026-04-09T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03125
published_at 2026-04-08T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03121
published_at 2026-04-07T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0312
published_at 2026-04-04T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03107
published_at 2026-04-02T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.04398
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14282
1
reference_url https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
reference_id 002390.html
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069
reference_id 1123069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069
3
reference_url https://github.com/mkj/dropbear/pull/391
reference_id 391
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://github.com/mkj/dropbear/pull/391
4
reference_url https://github.com/mkj/dropbear/pull/394
reference_id 394
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://github.com/mkj/dropbear/pull/394
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14282
reference_id CVE-2025-14282
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://access.redhat.com/security/cve/CVE-2025-14282
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2420052
reference_id show_bug.cgi?id=2420052
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2420052
Weaknesses
0
cwe_id 266
name Incorrect Privilege Assignment
description A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score 5.4 - 5.4
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enpx-ej3b-n3gh