CVE-2025-32942

Published Oct 2, 2025

Last updated 9 days ago

CVSS high 7.2
SSH
Tunneling protocol
Port (22)

Overview

Description
SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
Source
cve@mitre.org
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.3
Exploitability score
1.3
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-670

Social media

Hype score
Not currently trending

  1. CVE-2025-32942 SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic. https://t.co/XqaZzRUPKB

    @CVEnew

    2 Oct 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  2. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  3. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  4. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).CVE-2026-35385
  5. A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.CVE-2026-0964

References

Sources include official advisories and independent security research.