Search for vulnerabilities
Vulnerability details: VCID-83sx-qvdj-gbe2
Vulnerability ID VCID-83sx-qvdj-gbe2
Aliases CVE-2025-47203
Summary dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00335 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00422 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
epss 0.00422 https://api.first.org/data/v1/epss?cve=CVE-2025-47203
cvssv3.1 4.5 https://github.com/mkj/dropbear/blob/master/CHANGES
ssvc Track https://github.com/mkj/dropbear/blob/master/CHANGES
cvssv3.1 4.5 https://github.com/mkj/dropbear/blob/master/src/cli-main.c
ssvc Track https://github.com/mkj/dropbear/blob/master/src/cli-main.c
archlinux Medium https://security.archlinux.org/AVG-2874
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-47203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47203
https://lists.debian.org/debian-lts-announce/2025/05/msg00020.html
http://www.openwall.com/lists/oss-security/2025/05/09/4
http://www.openwall.com/lists/oss-security/2025/05/12/6
http://www.openwall.com/lists/oss-security/2025/05/13/1
http://www.openwall.com/lists/oss-security/2025/05/13/10
http://www.openwall.com/lists/oss-security/2025/05/13/3
ASA-202505-9 https://security.archlinux.org/ASA-202505-9
AVG-2874 https://security.archlinux.org/AVG-2874
CHANGES https://github.com/mkj/dropbear/blob/master/CHANGES
cli-main.c https://github.com/mkj/dropbear/blob/master/src/cli-main.c
CVE-2025-47203 https://nvd.nist.gov/vuln/detail/CVE-2025-47203
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/mkj/dropbear/blob/master/CHANGES
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:22:58Z/ Found at https://github.com/mkj/dropbear/blob/master/CHANGES
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/mkj/dropbear/blob/master/src/cli-main.c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:22:58Z/ Found at https://github.com/mkj/dropbear/blob/master/src/cli-main.c
Exploit Prediction Scoring System (EPSS)
Percentile 0.36148
EPSS Score 0.00146
Published At May 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-05-07T23:35:27.624594+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 36.0.0