debian · CVE-2025-14946

Quick triage

Priority: unimportant Published: Updated: Sat, 11 Jul 2026 14:01:09 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-14946 unimportant priority: Debian including 1 source packages (libnbd), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.

Description:

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.

cvelogic Threat Intelligence