CVE-2025-14282
Privilege Escalation via Unix Socket Forwarding in Dropbear SSH
Publication date: 2026-02-12
Last updated on: 2026-02-18
Assigner: Fedora Project
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dropbear | dropbear | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in the Dropbear SSH server when running in multi-user mode. The server performs socket forwardings requested by remote clients as the root user before switching to the logged-in user's privileges. Because of this, any user who can log in via SSH can connect to any Unix domain socket using root credentials. This bypasses file system restrictions and any credential checks like SO_PEERCRED or SO_PASSCRED that the socket peer might perform.
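The peer-credential check mentioned above, as an added Python example (not Dropbear's code and not part of this record): a local service reads SO_PEERCRED and sees the uid of the process that called connect(), so it authorizes whichever process opened the socket, not the user who asked for the forwarding. The socket path, the function names and the requesting uid are constructed for illustration; Linux only.

```python
import os
import socket
import struct
import tempfile


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the peer at connect() time."""
    size = struct.calcsize("3i")  # struct ucred: pid, uid, gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("3i", raw)


def service_allows(conn, allowed_uids):
    """Peer check as a local daemon might do it: admit only listed uids."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids


def forward_on_behalf_of(requesting_uid, path):
    """Hypothetical forwarder: it opens the socket itself, so requesting_uid
    is never visible to the kernel or to the service."""
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    return client


def demo(requesting_uid=None):
    """Constructed scenario: this process plays both the service and the forwarder."""
    if requesting_uid is None:
        requesting_uid = os.getuid() + 1  # constructed: some other user
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "svc.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            os.chmod(path, 0o600)  # file mode restricts who may connect
            listener.listen(1)
            client = forward_on_behalf_of(requesting_uid, path)
            conn, _ = listener.accept()
            with client, conn:
                pid, uid, _gid = peer_credentials(conn)
                return {
                    "requesting_uid": requesting_uid,
                    "uid_seen_by_service": uid,
                    "pid_seen_by_service": pid,
                    "admitted_for_forwarder_uid": service_allows(conn, {os.getuid()}),
                    "admitted_for_requester_uid": service_allows(conn, {requesting_uid}),
                }


if __name__ == "__main__":
    print(demo())
```

When the connecting process is root, as in the behaviour described above, both the 0600 file mode and a uid-0 allow-list are satisfied no matter which account requested the forwarding.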
How can this vulnerability impact me?
An attacker who can log in via SSH can exploit this flaw to access Unix domain sockets with root privileges. This means they can bypass normal file system permissions and security checks, potentially gaining unauthorized access to sensitive services or data that communicate over these sockets. This could lead to information disclosure or unauthorized actions performed with elevated privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know