CVE-2025-61984 PoC — OpenSSH 安全漏洞

Source

https://github.com/dgl/cve-2025-61984-poc

Associated Vulnerability

Title:OpenSSH 安全漏洞 (CVE-2025-61984)
Description:OpenSSH（OpenBSD Secure Shell）是加拿大OpenBSD开源的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 10.1之前版本存在安全漏洞，该漏洞源于允许来自命令行和配置文件扩展的用户名包含控制字符，可能导致代码执行。

Description

PoC for OpenSSH ProxyCommand CVE-2025-61984

Readme

# CVE-2025-61984 PoC

This is a proof of concept using a newline to confuse OpenSSH's <10.1
ProxyCommand. [Full write
up](https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984).

## How to run

Set up an `.ssh/config` containing:

```
Host *.example.com
  ProxyCommand some-command %r@%h:%p
```

(The command doesn't matter, it just needs an unquoted %r in the arguments
somewhere.)

Then run (for bash):

```
$ git clone --recursive https://github.com/dgl/cve-2025-61984-poc
```

Or if using fish as `$SHELL`:

```
git clone --recursive -b fish https://github.com/dgl/cve-2025-61984-poc
```

If you're not using the shell but want to test this, you can do:

```
$ SHELL=/bin/bash git clone --recursive https://github.com/dgl/cve-2025-61984-poc
```

File Snapshot


 [4.0K]  /data/pocs/cf66379f30497ce0c903f94792c6062c44e87cf0
├── [4.0K]  foo
├── [ 127]  poc.sh
└── [ 765]  README.md

2 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!