CVE-2025-14282
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation via Unix Socket Forwarding in Dropbear SSH

Publication date: 2026-02-12

Last updated on: 2026-02-18

Assigner: Fedora Project

Description
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14282
EUVD
EUVD-2025-207001
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dropbear dropbear *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Dropbear SSH server when running in multi-user mode. The server performs socket forwardings requested by remote clients as the root user before switching to the logged-in user's privileges. Because of this, any user who can log in via SSH can connect to any Unix domain socket using root credentials. This bypasses file system restrictions and any credential checks like SO_PEERCRED or SO_PASSCRED that the socket peer might perform.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Impact Analysis

An attacker who can log in via SSH can exploit this flaw to access Unix domain sockets with root privileges. This means they can bypass normal file system permissions and security checks, potentially gaining unauthorized access to sensitive services or data that communicate over these sockets. This could lead to information disclosure or unauthorized actions performed with elevated privileges.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14282. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart