{"id":"CVE-2025-14946","summary":"Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri","details":"A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.","modified":"2026-07-08T07:08:57.677911342Z","published":"2025-12-19T13:02:38.342Z","related":["openSUSE-SU-2025:15842-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14946.json","cna_assigner":"redhat","cwe_ids":["CWE-88"]},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-14946"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14946.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14946"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423789"},{"type":"PACKAGE","url":"https://gitlab.com/nbdkit/libnbd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/nbdkit/libnbd","events":[{"introduced":"2dcf73fa25ae6bbf062fa5959d0fca29b3b6ab9f"},{"fixed":"90c016d69cb169fe200f6a860d06634c9d792279"},{"introduced":"0"},{"fixed":"6182a590ced685694574b74884c9cec53668f879"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"1.22.0"},{"fixed":"1.22.5"},{"introduced":"1.23.0"},{"fixed":"1.23.9"}]}}],"versions":["v1.23.8","v1.22.4","v1.23.7","v1.22.3","v1.23.6","v1.23.4","v1.22.2","v1.23.3","v1.23.2","v1.23.1","v1.22.1","v1.22.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14946.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}]}