equuleus
1.3.8
Unsupported — VyOS 1.3 has reached end of life in April 2025.
sagitta
1.4.2
Maintenance and security release
| CVE | Name | Description | Status |
|---|---|---|---|
| CVE-2025-30095 | Private key reuse in Dropbear SSH server | A Dropbear private key was included in the image at build time and not regenerated, making console server SSH connections vulnerable to MitM attacks.. | fixed |
| CVE-2023-32728 | Code injection in zabbix_agent2 smartctl plugin | Certain configurations of Zabbix agent were vulnerable to remote code execution. This issue was previously fixed by a hotfix and is now included in the image. | Fixed |
| CVE-2024-3596 | Blast-RADIUS | The Blast-RADIUS vulnerability is present in 1.4.2 and will be fixed in subsequent releases. Make sure your routers are not communicating with RADIUS servers over untrusted networks. | Present |