CVE-2025-47203 Information

Description

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument because a shell is used.

Reference

https://github.com/mkj/dropbear/blob/master/CHANGES https://github.com/mkj/dropbear/blob/master/src/cli-main.c