Nixpkgs security tracker

Permalink CVE-2025-14946

4.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 3 months, 3 weeks ago

Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.

References

https://access.redhat.com/security/cve/CVE-2025-14946 vdb-entryx_refsource_REDHAT
RHBZ#2423789 issue-trackingx_refsource_REDHAT
https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security

Affected products

libnbd

<1.22.5
<1.23.9

virt:rhel/libnbd

container-native-virtualization/virt-cdi-cloner

container-native-virtualization/virt-cdi-importer

container-native-virtualization/virt-cdi-operator

container-native-virtualization/virt-cdi-apiserver

container-native-virtualization/virt-cdi-controller

container-native-virtualization/virt-cdi-uploadproxy

container-native-virtualization/virt-cdi-cloner-rhel9

container-native-virtualization/virt-cdi-uploadserver

container-native-virtualization/virt-cdi-importer-rhel9

container-native-virtualization/virt-cdi-operator-rhel9

container-native-virtualization/virt-cdi-apiserver-rhel9

container-native-virtualization/virt-cdi-controller-rhel9

container-native-virtualization/virt-cdi-uploadproxy-rhel9

container-native-virtualization/virt-cdi-uploadserver-rhel9