CVE-2025-32728
Publication date 10 April 2025
Last updated 19 August 2025
Ubuntu priority
Description
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openssh | 25.10 questing |
Fixed 1:9.9p1-3ubuntu3.1
|
| 25.04 plucky |
Fixed 1:9.9p1-3ubuntu3.1
|
|
| 24.04 LTS noble |
Fixed 1:9.6p1-3ubuntu13.11
|
|
| 22.04 LTS jammy |
Fixed 1:8.9p1-3ubuntu0.13
|
|
| 20.04 LTS focal |
Fixed 1:8.2p1-4ubuntu0.13
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| openssh-ssh1 | 25.10 questing | Ignored |
| 25.04 plucky | Ignored | |
| 24.04 LTS noble | Ignored | |
| 22.04 LTS jammy | Ignored | |
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Notes
mdeslaur
openssh-ssh1 is only provided for compatibility with old devices that cannot be upgraded to modern protocols. We will not be providing any security support for the openssh-ssh1 package as it is insecure and should be used in trusted environments only. The DisableForwarding option was introduced in 7.4
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7457-1
- OpenSSH vulnerability
- 24 April 2025