OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code


A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine.

The vulnerability is a bypass of a previous fix for a similar issue (CVE-2023-51385) and exploits how the ProxyCommand feature interacts with the underlying system shell when handling specially crafted usernames.

The core of the vulnerability lies in OpenSSH’s failure to properly sanitize control characters, such as newlines, within usernames. An attacker can create a username that includes a newline character followed by a malicious command.

This username is then passed to the shell via SSH’s ProxyCommand. While OpenSSH filters many dangerous shell metacharacters, it does not filter characters that could force a syntax error in certain shells.

When a shell such as Bash, Fish, or csh processes the ProxyCommand, the crafted syntax error on the first line causes that command to fail, but the shell does not exit.

Instead, it proceeds to execute the command on the next line, which is the malicious payload supplied by the attacker. This behavior effectively bypasses security measures intended to prevent command execution, opening the door for an RCE.


The Git Submodule Attack Vector

The most practical exploitation scenario for CVE-2025-61984 involves a malicious Git repository. An attacker can configure a submodule within their repository to use a URL containing the malicious, multi-line username.

If a victim clones this repository recursively (git clone --recursive), Git will attempt to connect via SSH to fetch the submodule. This triggers the vulnerability through ProxyCommand if the user's SSH configuration contains a matching directive.

The exploit requires two conditions on the victim’s machine: a shell that continues execution after a syntax error (like Bash) and an SSH configuration file (~/.ssh/config) with a ProxyCommand that uses the %r token to include the remote username.

Notably, the Z shell (Zsh) is not vulnerable to this technique, as it terminates upon encountering such errors. Tools like Teleport have been found to generate SSH configurations that use this vulnerable pattern, potentially increasing the attack surface.

Mitigations

The OpenSSH project has released a patch in version 10.1 that fully addresses this vulnerability by disallowing control characters in usernames. All users are strongly urged to upgrade to this version or newer.

For systems that cannot be immediately updated, several mitigations can be implemented.

Users can edit their SSH configurations to enclose the %r token in single quotes ('%r') within any ProxyCommand directive, which prevents the shell from interpreting the special characters.
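As an added example (not from the article or the OpenSSH project), the following Python audits an OpenSSH client config for ProxyCommand lines that expand %r outside single quotes and rewrites them the way the mitigation describes; the sample config text and host names are constructed for the demo.

```python
"""Audit ssh_config text for ProxyCommand directives that expand %r unquoted."""
import re
from typing import List, Tuple

# Constructed sample client config (not taken from any real machine).
SAMPLE_CONFIG = """\
Host *.internal.example.invalid
    ProxyCommand ssh -W %h:%p jump -l %r

Host hardened.example.invalid
    ProxyCommand ssh -W %h:%p jump -l '%r'
"""

_PROXY_RE = re.compile(r"^\s*ProxyCommand\s*(?:=|\s)\s*(.*)$", re.IGNORECASE)

def _bare_r_positions(command: str) -> List[int]:
    """Indexes of %r tokens outside single quotes (%% is a literal percent)."""
    positions, in_single, i = [], False, 0
    while i < len(command):
        pair = command[i:i + 2]
        if command[i] == "'":
            in_single = not in_single
        elif pair == "%%":
            i += 1  # skip the escaped percent so %%r is not misread as %r
        elif pair == "%r" and not in_single:
            positions.append(i)
            i += 1
        i += 1
    return positions

def harden_command(command: str) -> str:
    """Wrap every bare %r in single quotes, the mitigation the article describes."""
    for pos in reversed(_bare_r_positions(command)):  # right to left keeps indexes valid
        command = command[:pos] + "'%r'" + command[pos + 2:]
    return command

def audit_config(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, command) for each ProxyCommand that expands %r unquoted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _PROXY_RE.match(line)
        if m and _bare_r_positions(m.group(1)):
            findings.append((lineno, m.group(1).strip()))
    return findings

if __name__ == "__main__":
    for lineno, cmd in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: unquoted %r in: {cmd}")
        print(f"  suggested: ProxyCommand {harden_command(cmd)}")
```

Run it against your own file with `audit_config(open(os.path.expanduser('~/.ssh/config')).read())`; a finding is only a candidate, since a directive may already be safe for other reasons.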

Another effective defense-in-depth measure is to configure Git to restrict the automatic use of SSH for submodules.

This vulnerability serves as a critical reminder of the complex security risks that can emerge from the interactions between trusted developer tools.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.