CVE-2025-32728 - How OpenSSH's DisableForwarding Directive Fails to Block X11 and Agent Forwarding (with Exploit Example)

OpenSSH is the most widely used SSH server and client suite out there. It's known for strong security, but sometimes bugs get through the cracks. In early 2025, a critical issue was discovered and tracked as CVE-2025-32728. This flaw affects OpenSSH before version 10., specifically the DisableForwarding setting in sshd_config.

This post breaks down what went wrong, how you can see it in action, and why upgrading is crucial.

OpenSSH provides a directive called DisableForwarding for sshd. If you set

DisableForwarding yes

the OpenSSH documentation says it "disables X11, TCP, and agent forwarding, as well as port forwarding, for that user or group." That should mean:

No SSH agent forwarding

- No TCP/port forwarding

But with versions before 10.:

Agent forwarding (-A flag) _still works_

Attackers or users are able to bypass restrictions intended by sysadmins.

Technical Details

The bug lies in how sshd interprets the DisableForwarding option. Instead of strictly enforcing all types of forwarding, the function checking this setting only blocks port (TCP) forwarding.

See the code (from OpenSSH 9.7)

// Inside session.c
if (options.disable_forwarding) {
    options.allow_tcp_forwarding = NO;
    // Missing: should also set allow_agent_forwarding and allow_x11_forwarding to NO
}

The variables allow_agent_forwarding and allow_x11_forwarding stay untouched. So if later in your sshd_config you allow X11 or agent forwarding globally, or if the user requests it, it still goes through.

1. Vulnerable Configuration

# /etc/ssh/sshd_config
Match User lockeduser
    DisableForwarding yes

Agent forwarding

ssh -A lockeduser@target-host 'ssh-add -l'

X11 forwarding

ssh -X lockeduser@target-host 'xeyes'

Expected (Secure) Result: Both commands should fail with a message like "Forwarding disabled."
In Vulnerable OpenSSH Before 10.: Both _succeed_ — lockeduser can use agent and X11 forwarding!

Why Does It Matter?

Admins trust security-related options to work as published.
- When you block all forwarding, you’re often limiting user lateral movement, malware risk, and data leaks.
- CVE-2025-32728 means that _internal jump hosts, bastions, and restricted accounts may be wide open_ to credential theft (agent forwarding allows stealing SSH keys) or graphical attacks (X11).

Fixed in: OpenSSH 10. (April 2025)

- Patched file: session.c — GitHub diff
- OpenSSH Release Notes
- NVD Entry

`

- Audit: Look for configurations relying on DisableForwarding and test with ssh -A and ssh -X to confirm they can't be bypassed.

Conclusion

CVE-2025-32728 is a classic case where docs and implementation drift apart. The bug was silent, easy to miss, and potentially dangerous for any environment trying to restrict users’ tunnel and credential-exfiltration vectors.

References

- OpenSSH Release Notes
- NVD CVE-2025-32728
- Example code diff (GitHub)

Timeline

Published on: 04/10/2025 02:15:30 UTC
Last modified on: 04/11/2025 15:40:10 UTC