Skip to main content

OpenSSH Alpine CVE-2025-61984

LOW
Improper Handling of Invalid Use of Special Elements (CWE-159)
N/A vendor:alpine
3.6
CVSS 3.1 · Vendor: vendor:alpine

Severity by source

Vendor (vendor:alpine) PRIMARY
3.6 LOW
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (vendor:alpine) · only source for this CVE.

CVSS VectorVendor: vendor:alpine

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
CVSS changed
Jul 14, 2026 - 13:22 NVD
3.6 (LOW)
Analysis Generated
May 27, 2026 - 23:13 vuln.today

DescriptionCVE.org

Alpine Linux: openssh fixed in 10.1_p1-r0

AnalysisAI

OpenSSH on Alpine Linux received a security fix in package version 10.1_p1-r0, addressing an unspecified vulnerability tracked as CVE-2025-61984. The exact nature, attack vector, and impact of this vulnerability are not disclosed in available intelligence sources - no CVE description, CVSS score, or CWE classification has been published at time of analysis. EPSS probability is extremely low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing has been identified.

Technical ContextAI

OpenSSH is the de facto standard implementation of the Secure Shell (SSH) protocol, widely deployed for remote administration and encrypted file transfer. Alpine Linux packages OpenSSH using its own versioning scheme; the fix version 10.1_p1-r0 corresponds to upstream OpenSSH 10.1p1 packaged for Alpine. Without a published CWE or CVE description, the root cause class - whether memory corruption, authentication bypass, privilege escalation, or another category - cannot be determined from available data. The vulnerability is reported exclusively by the Alpine Linux vendor through its own advisory channel.

Affected ProductsAI

OpenSSH as packaged for Alpine Linux is affected. The fix was introduced in Alpine package version 10.1_p1-r0, meaning all prior Alpine Linux packages of OpenSSH below this version are potentially vulnerable. No CPE strings, specific Alpine release branches (e.g., Alpine 3.x edge), or additional affected platform details were provided in the available intelligence. Affected version ranges across Alpine release streams (stable, edge) are not confirmed from available data - consult the Alpine Linux security advisory at https://security.alpinelinux.org/ for precise branch-level scope.

RemediationAI

Upgrade the OpenSSH package on Alpine Linux to version 10.1_p1-r0 or later using the Alpine package manager: 'apk update && apk upgrade openssh'. This is the vendor-confirmed fix version per the Alpine Linux security report. No workarounds or compensating controls are documented in available data, as no technical details about the vulnerability mechanism have been disclosed. If immediate patching is operationally not feasible, consider restricting SSH access at the network perimeter (firewall rules limiting source IPs to known management hosts) as a generic precaution - note this does not remediate the underlying vulnerability. Consult https://security.alpinelinux.org/ for the official advisory and any additional guidance.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Share

CVE-2025-61984 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy