PT-2025-52446 · Libnbd+1
Osidb Bzimport
Published: 2025-10-13 · Updated: 2025-12-23
CVE-2025-14946
CVSS v3.1: 4.8 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
libnbd (affected versions not specified)
Description
A flaw exists in libnbd where a malicious actor could potentially achieve arbitrary code execution with the privileges of the user running libnbd. This is possible by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI), a string of characters used to identify a name or a resource. The issue stems from an incorrect interpretation of non-standard hostnames starting with '-o': instead of being recognized as hostnames, they are treated as arguments to the Secure Shell (SSH) process.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
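Until a fixed version is identified, an application that accepts NBD URIs from untrusted sources can reject suspicious ones before they reach libnbd. The following check is an added example, not code from libnbd or from this advisory; the function names are hypothetical, and the `nbd+ssh` scheme and hosts in the samples are constructed assumptions, since the page does not name the URI scheme.

```python
from urllib.parse import urlsplit, unquote


def nbd_uri_host(uri):
    """Return the percent-decoded host component of a URI, or None if absent."""
    host = urlsplit(uri).hostname  # strips userinfo, port and IPv6 brackets
    return unquote(host) if host is not None else None


def is_safe_nbd_uri(uri):
    """Reject URIs whose host could be read as a command-line option.

    The advisory describes hostnames starting with '-o' being passed to
    the SSH process as arguments. This check is deliberately broader and
    refuses any host that begins with '-', since no legitimate DNS name
    or IP literal starts with a hyphen.
    """
    try:
        host = nbd_uri_host(uri)
    except ValueError:
        # Malformed authority (for example a broken IPv6 literal): refuse.
        return False
    if host is None:
        # No host component at all, e.g. a Unix-socket style URI.
        return True
    return not host.startswith("-")


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = [
        "nbd://storage.example.com:10809/disk0",
        "nbd+unix:///disk0?socket=/run/nbd.sock",
        "nbd+ssh://-oPlaceholder/disk0",
        "nbd+ssh://user@-oPlaceholder/disk0",
        "nbd+ssh://%2DoPlaceholder/disk0",
    ]
    for uri in samples:
        verdict = "accept" if is_safe_nbd_uri(uri) else "REJECT"
        print(f"{verdict}  {uri}")
```

The host is percent-decoded before the comparison so that an encoded leading hyphen is caught as well; run the check on the exact string that will be handed to libnbd.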
RCE
Argument Injection
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Libnbd