Saved February 14, 2026
Do you care about this?
The Dropbear SSH server has a critical privilege escalation vulnerability that allows attackers to run programs as “root” on affected systems. The latest version, 2025.89, addresses this issue. Users unable to update can disable Unix socket forwarding as a temporary workaround.
If you do, here's more
Dropbear, a lightweight SSH server commonly used in single-board computers and routers, has a critical security vulnerability that allows attackers to escalate their privileges to root. The flaw affects versions up to Dropbear 2024.84 and can lead to arbitrary program execution with root privileges. To address this issue, the developers released version 2025.89, which patches the vulnerability.
The root of the problem lies in how Dropbear handles Unix socket forwarding. Forwarded connections authenticate via SO_PEERCRED as the user "root", so a local service that trusts the peer credentials of its Unix socket treats a forwarded connection as coming from root, which opens the door to privilege escalation. The vulnerability has a CVSS score of 9.8. For those unable to update immediately, a temporary workaround is to disable Unix socket forwarding with the command-line parameter `-j`, though this also disables TCP forwarding. Users compiling Dropbear from source can modify header files to prevent the vulnerable function from executing.
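As an added illustration (not from the article or from Dropbear's source), this Linux-only Python sketch shows what a Unix-socket service learns from SO_PEERCRED: the credentials of the process that opened the connection, which for a forwarded connection is the forwarder rather than the remote user. The `service_allows` policy and the socket path are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid, uid_t uid, gid_t gid (three 32-bit fields).
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the connecting process."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def service_allows(conn, trusted_uids=(0,)):
    """Hypothetical service policy: trust the caller if its peer uid is listed."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in trusted_uids


def demo():
    """Connect to a local Unix socket; return what the service side sees."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "svc.sock")  # constructed socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            srv.listen(1)
            # This process plays the forwarder: it opens the connection itself,
            # so the kernel attaches *its* credentials, not those of whoever
            # asked for the forward.
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as fwd:
                fwd.connect(path)
                conn, _ = srv.accept()
                with conn:
                    return peer_credentials(conn), service_allows(conn)


if __name__ == "__main__":
    (pid, uid, gid), allowed = demo()
    print(f"service sees pid={pid} uid={uid} gid={gid}; allowed={allowed}")
```

Run as an unprivileged user, the service sees that user's uid and the root-only policy refuses; the same connection opened by a process running as root would be accepted, whoever requested it.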
The Dropbear developers also noted changes that disable Unix socket forwarding when forced command options are utilized. This adjustment helps mitigate the risk of executing arbitrary commands, even if it does not directly address the privilege escalation issue. Users of Dropbear should prioritize updating their software to safeguard against this vulnerability, as advised by CERT-Bund.