CVE-2025-32728

low-risk

Published 2025-04-10

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Openssh

Debian Linux

Affected Vendors

Debian Openbsd

References (7)

Product https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig

Patch https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628...

Mailing List https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html

Release Notes https://www.openssh.com/txt/release-10.0

Release Notes https://www.openssh.com/txt/release-7.4

Mailing List https://lists.debian.org/debian-lts-announce/2025/05/msg00008.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20250425-0002/

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low