OpenSSH ProxyCommand Command Injection (CVE-2025-61984)

Overview

  • CVE: CVE-2025-61984

  • Severity: Critical

  • Date: 13 October 2025

A command-injection vulnerability has been disclosed in OpenSSH that can allow remote code execution on a target system when the ProxyCommand feature is used and an attacker is able to supply a specially crafted username containing control characters (for example, a newline followed by a payload). The issue is a bypass of an earlier fix (CVE-2023-51385) and stems from OpenSSH failing to disallow control characters in usernames delivered from certain untrusted sources.

Practical exploitation scenarios include malicious Git repositories that embed a crafted username in submodule URLs; when a user runs git clone --recursive (or otherwise causes Git to fetch submodules) and their SSH config contains a ProxyCommand using the %r (remote username) token, the crafted username can cause the underlying shell to execute a secondary (malicious) line after a syntax error, leading to RCE.


Affected Versions

  • OpenSSH: versions before 10.1 (patched in OpenSSH 10.1)

  • Systems using SSH ProxyCommand directives that expand %r into an unquoted shell context are at increased risk.

  • Exploitation depends on the victim system's shell behaviour (e.g. Bash, Fish and csh may continue executing after a syntax error; zsh terminates and is not vulnerable in this specific way).


Vulnerability Breakdown

CVE-2025-61984 — ProxyCommand username control-character injection

Type: Command injection via ProxyCommand username handling

Impact: Remote code execution on victim host (via shell execution)

Exploitation vector: Crafted username containing control characters passed through ProxyCommand (often triggered by Git submodule fetches or other SSH client connections where username originates from untrusted sources)

Conditions required:

  • Victim SSH config contains a ProxyCommand that inserts %r into a shell command (unquoted)

  • The SSH client or upstream tool (e.g., Git) uses that config when connecting to the attacker-controlled host

  • Victim shell continues execution after a syntax error (Bash/Fish/csh)

Notable: Tools that auto-generate SSH configs (some Teleport configurations, etc.) can increase exposure.


Mitigation

  • Upgrade to OpenSSH 10.1+ (patch disallows control characters in usernames).

  • If you cannot upgrade immediately, quote %r in ProxyCommand directives, avoid recursive Git submodule clones from untrusted repos, and audit generated SSH configs.

  • Minimise SSH exposure: Do not allow SSH inbound or outbound unless absolutely necessary. Enforce a deny-by-default policy and only permit SSH where business need is documented. Use bastion/jump hosts, egress filtering, and strict ACLs to restrict which internal systems can initiate or accept SSH connections.

  • Monitor for suspicious ssh/git activity and unexpected child shells spawned by ssh processes.


Summary for IT Teams

Products: OpenSSH client configurations, developer workstations, CI/CD runners, developer laptops, systems using Git with SSH submodules

Threat Level: Critical

Action Required:

  • Patch OpenSSH clients to 10.1+ as a priority.

  • Search for ProxyCommand occurrences in ~/.ssh/config, /etc/ssh/ssh_config, and generated SSH configs, and ensure %r is safely quoted.

  • Review build/CI pipelines and developer workflows that automatically clone third-party repositories with submodules.

  • Consider temporarily restricting recursive submodule fetches and enforcing HTTPS for submodule URLs until upgrades are complete.

  • Monitor for signs of exploitation in system logs and process trees (unexpected child shells, unusual commands spawned by ssh/git processes).
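The Mitigation and Action Required items above both ask for an audit of ProxyCommand directives that expand %r without quoting. The following script is an added example written for this advisory, not an OpenSSH or vendor tool; it walks ssh_config-style text, tracks Host/Match blocks, and reports every ProxyCommand in which %r sits outside single or double quotes. The sample config embedded in it is constructed, and the hostnames in it are placeholders.

```python
import os
import re

# Constructed sample ssh_config (not taken from any real system) covering the cases
# that matter: no %r at all, unquoted %r, quoted %r, and ProxyCommand none.
SAMPLE_CONFIG = """\
Host git.example.internal
    User deploy
    ProxyCommand ssh -W %h:%p jump.example.internal

Host legacy-*
    # risky: %r expands unquoted into the command line ssh hands to $SHELL -c
    ProxyCommand nc -X connect -x proxy.example.internal:1080 %h %p -u %r

Host bastion-safe
    ProxyCommand=ssh -W '%r@%h:%p' bastion.example.internal

Host direct
    ProxyCommand none
"""

HOST_RE = re.compile(r"^(Host|Match)\s+(.+)$", re.IGNORECASE)
PROXY_RE = re.compile(r"^ProxyCommand\s*=?\s*(.+)$", re.IGNORECASE)

def has_unquoted_token(cmd, token="%r"):
    """True if `token` occurs outside single or double quotes in a shell command string."""
    in_single = in_double = False
    for i, ch in enumerate(cmd):
        if ch == "'" and not in_double:
            in_single = not in_single
        elif ch == '"' and not in_single:
            in_double = not in_double
        elif not (in_single or in_double) and cmd.startswith(token, i):
            return True
    return False

def audit_ssh_config(text):
    """Return (host_pattern, line_no, command) for every ProxyCommand that expands %r unquoted."""
    findings, host = [], "*"   # directives before the first Host block apply to all hosts
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := HOST_RE.match(line):
            host = m.group(2)
            continue
        if (m := PROXY_RE.match(line)) and has_unquoted_token(m.group(1)):
            findings.append((host, lineno, m.group(1)))
    return findings

if __name__ == "__main__":
    # Scan the two files the advisory names; ~/.ssh/config is expanded for the current user.
    for path in ("/etc/ssh/ssh_config", os.path.expanduser("~/.ssh/config")):
        if os.path.isfile(path):
            with open(path) as f:
                for host, lineno, cmd in audit_ssh_config(f.read()):
                    print(f"{path}:{lineno}: Host {host}: unquoted %r in ProxyCommand: {cmd}")
```

Run against the constructed sample, only the `legacy-*` block is reported; the single-quoted form in `bastion-safe` passes because a newline inside single quotes cannot end the shell command. Generated configs (for example from Teleport) live elsewhere and should be passed to `audit_ssh_config` as well.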



Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.
