dropbear
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Lightweight SSH server |
| Version | 2025.88-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2874 | 2025.87-1 | 2025.88-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-47203 | AVG-2874 | Medium | Yes | Arbitrary command execution | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 19 May 2025 | ASA-202505-9 | AVG-2874 | Medium | arbitrary command execution |