A newly discovered vulnerability in OpenSSH’s ProxyCommand feature, identified as CVE-2025-61984, allows remote attackers to execute arbitrary code on client systems. This critical flaw stems from the insufficient filtering of control characters within usernames when the ProxyCommand string is expanded. A proof-of-concept (PoC) exploit has been released, demonstrating the vulnerability across multiple shells, prompting immediate attention for organizations relying on SSH proxy configurations.
Vulnerability Details
The vulnerability arises from how ssh(1) processes the ProxyCommand directive within a user’s ~/.ssh/config file. When administrators include the %r token to insert the remote username into the proxy command, control characters, such as newlines, are not adequately stripped. This oversight allows an attacker who can manipulate the username field to inject line breaks, disrupting the intended exec invocation.
When the malformed exec line fails due to a syntax error, execution continues on the subsequent line, enabling attacker-supplied commands to run with the privileges of the SSH client.
Root Cause
The root cause of CVE-2025-61984 lies in OpenSSH’s failure to properly sanitize control characters, particularly newlines, within usernames. An attacker can craft a username containing a newline character followed by a malicious command. This crafted username is then passed to the shell via SSH’s ProxyCommand. While OpenSSH filters many dangerous shell metacharacters, it fails to filter characters that could force a syntax error in certain shells.
Proof of Concept (PoC)
Researchers have released a PoC exploit that demonstrates the attack in Bash, fish, and csh shells. In Bash, injecting $[*] within an exec invocation produces a syntax error, halting the built-in but allowing subsequent lines to run.
For example:
bash -xc "$(printf 'exec $[*]\n\necho compromised')"
This command prints “compromised” following the initial parse error. Similar techniques target fish (using exec cat \\$p[0]) and csh (using exec $[) to achieve code execution. Zsh remains unaffected because non-interactive shells abort entirely on parse errors.
Attack Vector
A common attack vector involves a malicious Git submodule URL. If a repository’s .gitmodules entry contains a crafted username and the user’s SSH configuration employs ProxyCommand with %r, the injected control characters trigger the proxy command to execute arbitrary scripts before establishing the SSH connection.
The exploit requires two conditions on the victim’s machine:
- A shell that continues execution after a syntax error (like Bash).
- An SSH configuration file (~/.ssh/config) with a ProxyCommand that uses the %r token to include the remote username.
Affected Versions and Impact
This ProxyCommand expansion vulnerability affects OpenSSH client versions before 10.1.
Successful exploitation of this vulnerability allows for remote code execution on the client machine. This can lead to complete system compromise, data theft, and the potential for lateral movement within a network.
Mitigation & Recommendations
The definitive solution is to upgrade OpenSSH clients to version 10.1/10.1p1 or later, where control characters in usernames are explicitly disallowed. For administrators unable to upgrade immediately, quoting the %r token in the SSH configuration can mitigate the risk:
ProxyCommand /usr/bin/nc -X connect -x proxy:8080 '%r@%h:%p'
This quoting prevents newline injection by treating the username string literally.
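The checks below are an added example, not code from OpenSSH, Git, or the researchers who published the PoC. They tie together the root cause (a control character in a username reaching the shell through an unquoted %r), the Git submodule attack vector, and the quoting mitigation above: a simplified imitation of ssh's %r/%h/%p expansion shows how an unquoted %r turns one ProxyCommand into two shell command lines while a single-quoted %r does not; a scanner for .gitmodules decodes git-config escapes and flags submodule URLs whose SSH username carries control characters; and an audit of ~/.ssh/config reports ProxyCommand lines whose %r is not quoted. The sample config and .gitmodules contents are constructed, the hostnames are placeholders, and the expansion and config parsing are deliberately simplified assumptions rather than the real clients' parsers.

```python
"""Defensive checks for the CVE-2025-61984 ProxyCommand/%r problem.

Added example; not OpenSSH or Git code. Expansion, quoting and config
parsing are simplified imitations of what the real tools do.
"""
import re

# ASCII control characters (0x00-0x1f, 0x7f). Assumption: this mirrors
# the intent of the 10.1 fix (control characters in usernames rejected),
# not its exact implementation.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# git-config escapes accepted inside double-quoted values.
_ESC = {"n": "\n", "t": "\t", "b": "\b", "\\": "\\", '"': '"'}


def username_is_safe(user: str) -> bool:
    """False if the username contains any control character (e.g. newline)."""
    return _CONTROL.search(user) is None


def expand_proxycommand(template: str, user: str, host: str, port: int) -> str:
    """Simplified imitation of ssh's %r/%h/%p/%% substitution (assumption)."""
    mapping = {"%r": user, "%h": host, "%p": str(port), "%%": "%"}
    return re.sub(r"%[rhp%]", lambda m: mapping[m.group(0)], template)


def command_lines(expanded: str) -> list[str]:
    """Split an expanded ProxyCommand into the lines sh would parse as
    separate commands: a newline splits only outside single/double quotes
    (simplified POSIX quoting; backslash escapes are not modelled)."""
    lines, buf, quote = [], [], None
    for ch in expanded:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "\n":
            lines.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    lines.append("".join(buf))
    return [line for line in lines if line.strip()]


def has_unquoted_r(value: str) -> bool:
    """True if a %r token in a ProxyCommand value sits outside any quotes."""
    quote, i = None, 0
    while i < len(value):
        ch = value[i]
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif value.startswith("%%", i):   # literal percent, skip both chars
            i += 2
            continue
        elif value.startswith("%r", i):
            return True
        i += 1
    return False


def check_ssh_config(text: str) -> list[str]:
    """Return every ProxyCommand line whose %r is unquoted."""
    risky = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "proxycommand" and has_unquoted_r(value):
            risky.append(line)
    return risky


def unescape_config_value(value: str) -> str:
    """Decode a git-config value: strip surrounding double quotes and apply
    the \\n, \\t, \\b, \\\\ and \\" escapes (simplified; comments and
    concatenated quoted segments are not handled)."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(_ESC.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def ssh_url_username(url: str):
    """Username from an ssh://user@host/path or scp-style user@host:path
    URL, or None when the URL carries no username or is not SSH."""
    if url.startswith("ssh://"):
        netloc = url[len("ssh://"):].split("/", 1)[0]
    elif "://" in url:
        return None
    else:
        netloc = url.split(":", 1)[0]
    return netloc.rsplit("@", 1)[0] if "@" in netloc else None


def risky_submodule_urls(gitmodules: str) -> list[str]:
    """Decoded submodule URLs whose SSH username has control characters."""
    risky = []
    for raw in gitmodules.splitlines():
        line = raw.strip()
        if line.startswith("url"):
            url = unescape_config_value(line.partition("=")[2])
            user = ssh_url_username(url)
            if user is not None and not username_is_safe(user):
                risky.append(url)
    return risky


# Constructed sample inputs (placeholder hosts, not real systems).
SAMPLE_SSH_CONFIG = """Host *.example.invalid
  ProxyCommand /usr/bin/nc -X connect -x proxy:8080 %r@%h:%p
Host quoted.example.invalid
  ProxyCommand /usr/bin/nc -X connect -x proxy:8080 '%r@%h:%p'
"""

SAMPLE_GITMODULES = """[submodule "lib"]
\tpath = lib
\turl = git@example.invalid:org/lib.git
[submodule "bad"]
\tpath = bad
\turl = "u\\necho injected@example.invalid:org/x.git"
"""

if __name__ == "__main__":
    print("unquoted ProxyCommand lines:", check_ssh_config(SAMPLE_SSH_CONFIG))
    print("risky submodule URLs:", risky_submodule_urls(SAMPLE_GITMODULES))
```

Run as a script it reports the unquoted ProxyCommand line and the submodule URL whose username decodes to two lines. The same username fed through the unquoted template yields two command lines from command_lines, while the single-quoted template from the mitigation above keeps it as one token, which is exactly why the quoting helps on clients that cannot yet be upgraded.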
Additional defense-in-depth measures include:
- Enforcing stricter handling of Git submodules by disabling unintended SSH transport:
git config --global protocol.ssh.allow user
- Restricting URL handlers that pass unfiltered SSH usernames on to ssh further reduces exposure.
- Awareness of this flaw is crucial for any infrastructure using SSH proxies, including cloud gateway services.
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.
