PT-2025-51833 · Dropbear

Published 2025-01-01 · Updated 2026-02-18 · CVE-2025-14282

CVSS v3.1 5.4 Medium
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Dropbear versions 2024.84 through 2025.88
Description A flaw exists in Dropbear when it runs in multi-user mode and authenticates users. The Dropbear SSH server performs socket forwardings in its root-privileged parent process and switches to the logged-in user's identity only when a shell is spawned or file operations are performed. Unix domain socket forwarding, introduced in 2024.84, therefore lets any authenticated user connect to any unix socket on the host with root privileges. Such a connection bypasses file-system permissions on the socket path and defeats SO_PEERCRED/SO_PASSCRED peer-credential checks, because the listening service sees the connecting process as uid 0 rather than as the SSH user. Where a root-owned service trusts those checks, this could allow an attacker to gain a root shell. The issue affects a significant number of routers and IoT devices that ship Dropbear. The vulnerability is an incorrect privilege assignment in the Dropbear SSH server.
Recommendations Upgrade Dropbear to version 2025.89 or later. On Debian the fix ships via DSA-6086-1. On routers and IoT devices for which no vendor update is available, note that exploitation requires an account that can already authenticate over SSH, so restrict SSH logins to trusted users until the device can be updated.
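Two things a practitioner wants after reading the description: a quick way to triage a device's SSH banner against the affected range, and a concrete picture of the SO_PEERCRED check that root-privileged forwarding defeats. The script below is an added example, not Dropbear's code and not part of the advisory. It assumes Dropbear identifies itself as `SSH-2.0-dropbear_YYYY.NN` (vendor firmware sometimes rewrites the banner, so treat an unrecognised banner as "check manually"), and the peer-credential demo assumes Linux, where `struct ucred` is `{pid, uid, gid}`. The root-only service it stands up is hypothetical.

```python
"""
Added example for CVE-2025-14282 (not Dropbear's code, not from the advisory).

  1. triage: does an SSH banner fall in the affected Dropbear range
     2024.84 .. 2025.88 (fixed in 2025.89)?
  2. mechanism: what a root-only unix socket service checks with
     SO_PEERCRED, and why a forwarder that connects as root passes it.

Assumptions (not stated by the advisory): Dropbear identifies itself as
'SSH-2.0-dropbear_YYYY.NN', and the SO_PEERCRED demo runs on Linux.
"""
import os
import re
import socket
import struct
import sys
import tempfile
import threading

AFFECTED_MIN = (2024, 84)   # release that introduced unix socket forwarding
AFFECTED_MAX = (2025, 88)   # last release that forwards as root
FIXED = (2025, 89)

_BANNER_RE = re.compile(r"dropbear_(\d{4})\.(\d+)")


def parse_dropbear_version(banner):
    """(year, release) from e.g. 'SSH-2.0-dropbear_2025.88', else None."""
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected(banner):
    """True/False for a recognised Dropbear banner; None if it cannot be
    classified (OpenSSH, pre-2024 '0.x' versions, or a rewritten banner)."""
    v = parse_dropbear_version(banner)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def grab_banner(host, port=22, timeout=5.0):
    """Fetch the server identification line from a live host (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace").strip()


def peer_uid(conn):
    """uid of the process at the other end of a connected unix socket."""
    if not sys.platform.startswith("linux"):
        raise OSError("SO_PEERCRED demo is Linux-only")
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def running_uid():
    return os.getuid()


def peercred_check_demo():
    """Hypothetical root-only service on a unix socket: it accepts a client
    only if SO_PEERCRED reports uid 0. We connect from this process, so the
    service sees our own uid and refuses unless we are root. Through a
    vulnerable Dropbear the connecting process is the root-privileged
    server, so the same check reports uid 0 and passes, and the 0600 mode
    on the socket path does not stop that connection either.
    Returns (uid_seen_by_service, accepted, reply_bytes)."""
    path = os.path.join(tempfile.mkdtemp(), "svc.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)            # file-system restriction on the socket
    srv.listen(1)
    seen = {}

    def serve():
        conn, _ = srv.accept()
        with conn:
            uid = peer_uid(conn)
            seen["uid"], seen["ok"] = uid, (uid == 0)
            conn.sendall(b"ok\n" if uid == 0 else b"denied\n")

    t = threading.Thread(target=serve)
    t.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        cli.connect(path)
        reply = cli.recv(16)
    t.join()
    srv.close()
    os.unlink(path)
    return seen["uid"], seen["ok"], reply


if __name__ == "__main__":
    for b in ("SSH-2.0-dropbear_2025.88", "SSH-2.0-dropbear_2025.89"):
        print(b, "affected:", is_affected(b))
    uid, ok, reply = peercred_check_demo()
    print("service saw uid", uid, "->", reply.decode().strip())
```

Run as an unprivileged user the service replies `denied`; the point of the CVE is that a client reaching the same socket through a vulnerable Dropbear's forwarding is seen as uid 0 and gets `ok`, with neither the socket's mode nor the credential check in the way.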

Tags Fix · LPE
Weakness Enumeration Incorrect Privilege Assignment
Related Identifiers CVE-2025-14282, DSA-6086-1
Affected Products Debian, Dropbear