equuleus

1.3.8

Unsupported — VyOS 1.3 has reached end of life in April 2025.

sagitta

1.4.2

Maintenance and security release

CVE Name Description Status
CVE-2025-30095 Private key reuse in Dropbear SSH server A Dropbear private key was included in the image at build time and not regenerated, making console server SSH connections vulnerable to MitM attacks.. fixed
CVE-2023-32728 Code injection in zabbix_agent2 smartctl plugin Certain configurations of Zabbix agent were vulnerable to remote code execution. This issue was previously fixed by a hotfix and is now included in the image. Fixed
CVE-2024-3596 Blast-RADIUS The Blast-RADIUS vulnerability is present in 1.4.2 and will be fixed in subsequent releases. Make sure your routers are not communicating with RADIUS servers over untrusted networks. Present