GHSA-56WX-66PX-9J66

Vulnerability from github – Published: 2025-05-13 21:34 – Updated: 2025-05-13 21:34
VLAI?
Summary
OPKSSH Vulnerable to Authentication Bypass
Details

Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

Patches

The vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.

To determine if you are vulnerable run on your server:

opkssh --version

If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:

wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash

References

CVE-2025-4658

The upstream vulnerability in OpenPubkey is CVE-2025-3757 and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq

Severity ?
9.3 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openpubkey/opkssh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-4658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-13T21:34:58Z",
    "nvd_published_at": "2025-05-13T17:16:04Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.\n\n### Patches\n\nThe vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH  when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.\n\nTo determine if you are vulnerable run on your server:\n\n```bash\nopkssh --version\n```\n\nIf the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:\n\n```bash\nwget -qO- \"https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh\" | sudo bash\n``` \n\n\n### References\n\n[CVE-2025-4658](https://www.cve.org/CVERecord?id=CVE-2025-4658)\n\nThe upstream vulnerability in OpenPubkey is [CVE-2025-3757](https://www.cve.org/CVERecord?id=CVE-2025-3757) and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq",
  "id": "GHSA-56wx-66px-9j66",
  "modified": "2025-05-13T21:34:58Z",
  "published": "2025-05-13T21:34:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4658"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openpubkey/opkssh"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OPKSSH Vulnerable to Authentication Bypass "
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.