Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems.
Tracked as CVE-2025-61984, the vulnerability arises from inadequate filtering of control characters in usernames when expanding the ProxyCommand string.
A proof-of-concept exploit demonstrating the flaw in Bash and other shells has now been published, raising urgent concerns for administrators who employ complex SSH proxy configurations.
Vulnerability Details
The issue stems from how ssh(1) processes the ProxyCommand directive in ~/.ssh/config.
When using the %r token to include the remote username, control characters such as newline are not stripped, allowing an attacker to inject line breaks that interrupt the exec invocation and execute arbitrary commands on the client side.
By triggering a syntax error in the shell built-in, the malformed exec line aborts and execution resumes on the next line, where malicious payloads can run.
| Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
| OpenSSH ≤ 10.0p1 (client) | Remote code execution | User SSH config with ProxyCommand using %r | 8.1 (High) |
Proof of Concept and Exploit
The released proof of concept demonstrates exploitation in Bash, fish, and csh shells.
In Bash, injecting $[*] within an exec invocation generates a syntax error that stops the exec but allows subsequent commands to run. For example:
bash -xc "$(printf 'exec $[*]necho compromised')"This prints “compromised” after the initial error. Similar behaviors in fish (exec cat $p[0]) and csh (exec $[) enable execution of attacker-controlled scripts.
Zsh is not affected by this specific technique, since non-interactive shells abort on parse errors by default.
A common attack vector is a malicious Git submodule URL leveraging the %r expansion.
When a user clones a repository with a crafted .gitmodules entry and a matching SSH proxy configuration, the injected control characters cause the proxy command to execute arbitrary code before connecting.
Mitigation and Recommendations
The primary remediation is to upgrade OpenSSH to version 10.1p1 or later, where control characters in usernames are explicitly disallowed.
Administrators unable to upgrade immediately can mitigate risk by quoting the %r token in SSH client configurations:
ProxyCommand /usr/bin/nc -X connect -x proxy:8080 '%r@%h:%p'This prevents newline injection. Additional defense-in-depth measures include restricting SSH transport for Git submodules via:
git config --global protocol.ssh.allow userand avoiding URL handlers that pass unfiltered SSH usernames.
Awareness of this flaw is particularly important for environments using SSH proxies, including cloud gateway solutions like Teleport, which generate proxy commands containing %r.
Proper filtering and version updates will safeguard against this insidious method of remote code execution.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
