Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1
purl pkg:rpm/redhat/openssh@9.9p1-12?arch=el10_1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 2.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-a7m6-uqbt-nqd9
Aliases:
CVE-2025-61985
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand There are no reported fixed by versions.
VCID-wga4-sqwk-4bfj
Aliases:
CVE-2025-61984
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-21T22:40:22.903164+00:00 RedHat Importer Affected by VCID-a7m6-uqbt-nqd9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json 38.4.0
2026-04-21T22:40:22.652372+00:00 RedHat Importer Affected by VCID-wga4-sqwk-4bfj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json 38.4.0
2026-04-01T13:36:09.092695+00:00 RedHat Importer Affected by VCID-a7m6-uqbt-nqd9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json 38.0.0
2026-04-01T13:36:08.856104+00:00 RedHat Importer Affected by VCID-wga4-sqwk-4bfj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json 38.0.0