CVE-2025-15382

← CVEs

HIGH 8.1

Published

2026-01-06

Last Modified

2026-01-12

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.

Affected Applications in Environment 4

ssh v1:9.2p1-2+deb12u7

1 device

ssh v1:8.4p1-5+deb11u5

2 devices

ssh v1:10.0p1-7

1 device

ssh v1:9.6p1-3ubuntu13.15

1 device

Affected Devices 5

2ua5171h8k Linux auto-score Linux mirror3 Linux svn.usu.edu Linux sympa.ser321.usu.edu Linux

References 1

https://github.com/wolfSSL/wolfssh/pull/859