{"url":"http://public2.vulnerablecode.io/api/packages/922010?format=json","purl":"pkg:deb/debian/dropbear@0?distro=trixie","type":"deb","namespace":"debian","name":"dropbear","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.43-2","latest_non_vulnerable_version":"2026.91-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/312127?format=json","vulnerability_id":"VCID-enpx-ej3b-n3gh","summary":"A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root,\nonly switching to the logged-in user upon spawning a shell or performing\nsome operations like reading the user's files.\nWith the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14282","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02529","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0312","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03125","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03054","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04438","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04479","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04544","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04546","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04398","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04417","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14282"},{"reference_url":"https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html","reference_id":"002390.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/"}],"url":"https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069","reference_id":"1123069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123069"},{"reference_url":"https://github.com/mkj/dropbear/pull/391","reference_id":"391","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/"}],"url":"https://github.com/mkj/dropbear/pull/391"},{"reference_url":"https://github.com/mkj/dropbear/pull/394","reference_id":"394","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/"}],"url":"https://github.com/mkj/dropbear/pull/394"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14282","reference_id":"CVE-2025-14282","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420052","reference_id":"show_bug.cgi?id=2420052","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-13T16:20:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420052"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/922010?format=json","purl":"pkg:deb/debian/dropbear@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582161?format=json","purl":"pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gg6f-jgbv-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582163?format=json","purl":"pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gg6f-jgbv-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.83-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582165?format=json","purl":"pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gg6f-jgbv-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582166?format=json","purl":"pkg:deb/debian/dropbear@2025.89-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gg6f-jgbv-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1102917?format=json","purl":"pkg:deb/debian/dropbear@2026.90-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2026.90-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112509?format=json","purl":"pkg:deb/debian/dropbear@2026.91-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2026.91-1%3Fdistro=trixie"}],"aliases":["CVE-2025-14282"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enpx-ej3b-n3gh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0%3Fdistro=trixie"}