libnbd URI Injection Enables Code Execution via Malicious SSH Args
CVE-2025-14946 Published on December 19, 2025
Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
Vulnerability Analysis
CVE-2025-14946 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2025-14946 has been classified to as an Argument Injection vulnerability or weakness.
Products Associated with CVE-2025-14946
stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux (RHEL) or Red Hat Container Native Virtualization. Just hit a watch button to start following.
Affected Versions
Red Hat libnbd:- Version 1.22.0 and below 1.22.5 is affected.
- Version 1.23.0 and below 1.23.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.