OpenSSH Flaw (CVE-2025-61984) Allows RCE via Usernames

A critical vulnerability, CVE-2025-61984, has been disclosed in OpenSSH versions before 10.1, enabling remote code execution. The flaw stems from the improper handling of control characters in usernames when used with the `ProxyCommand` directive. An attacker can inject malicious commands by crafting a username with special shell characters and a newline, exploiting how certain shells parse the command string. This issue poses a significant risk for configurations using the `%r` token, such as in some Git submodule setups. Administrators should upgrade OpenSSH immediately or apply mitigations by quoting the username token in their configuration files.

Latest mentioned: 10-08

Earliest mentioned: 10-07

Sources

gbhackers.com securityonline.info cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →