CVE-2025-34469

Severity: Medium · EPSS 45.0%
Published Dec 31, 2025 · Last Modified Jun 17, 2026
CVSS 4.0 Base Score: 6.9 (Medium)

Description

Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.
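A sketch of the control the description says was missing, as an added example (not Cowrie's code and not the change merged in the referenced pull request): a sliding-window budget checked before an emulated wget or curl makes a real request, limited both per attacker source IP and per destination host. The class name, limits, and the sample addresses and URL are assumptions constructed for illustration.

```python
import time
from collections import defaultdict
from urllib.parse import urlsplit


class OutboundFetchLimiter:
    """Sliding-window budget for real HTTP fetches made by emulated wget/curl."""

    def __init__(self, per_source=5, per_dest=10, window=60.0, clock=time.monotonic):
        self.per_source = per_source  # fetches one attacker IP may trigger per window
        self.per_dest = per_dest      # fetches any one target host may receive per window
        self.window, self.clock = window, clock
        self._hits = defaultdict(list)  # key -> timestamps of allowed fetches

    def _recent(self, key, now):
        hits = [t for t in self._hits[key] if now - t < self.window]
        self._hits[key] = hits
        return hits

    def allow(self, source_ip, url):
        """Return (allowed, reason); call before the emulation opens a socket."""
        if "://" not in url:
            url = "http://" + url  # wget and curl accept scheme-less URLs
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            return False, "no-host"
        now = self.clock()
        src = self._recent(("src", source_ip), now)
        dst = self._recent(("dst", host), now)
        if len(src) >= self.per_source:
            return False, "source-budget"
        if len(dst) >= self.per_dest:  # holds even when attackers rotate source IPs
            return False, "dest-budget"
        src.append(now)
        dst.append(now)
        return True, "ok"


def demo():
    """Constructed session: three attacker IPs aim the honeypot at one host."""
    now = [0.0]  # fake clock so the result is deterministic
    lim = OutboundFetchLimiter(per_source=2, per_dest=3, clock=lambda: now[0])
    sources = ["198.51.100.7"] * 3 + ["198.51.100.8", "198.51.100.9"]
    out = [lim.allow(s, "http://target.example/big.bin") for s in sources]
    now[0] = 61.0  # window has expired, budgets refill
    out.append(lim.allow("198.51.100.7", "target.example/big.bin"))
    return out


if __name__ == "__main__":
    print(demo())
```

A denied fetch can still be logged and answered with an emulated failure, so the honeypot keeps recording the command without generating the traffic.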

CVSS Details

Base Score: 6.9
Exploitability
Impact
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
45.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor | Product | Version | Range
cowrie | cowrie  | *       | <2.9.0

References 5

  • github.com https://github.com/advisories/GHSA-83jg-m2pm-4jxj
    Exploit, Third Party Advisory
  • github.com https://github.com/cowrie/cowrie/issues/2622
    Exploit, Issue Tracking
  • github.com https://github.com/cowrie/cowrie/pull/2800
    Exploit, Issue Tracking, Patch
  • github.com https://github.com/cowrie/cowrie/releases/tag/v2.9.0
    Release Notes
  • vulncheck.com https://www.vulncheck.com/advisories/cowrie-unrestricted-wget-curl-emulation-enables-ssrf-based-ddos-amplification
    Third Party Advisory

Remediation

  • github.com https://github.com/cowrie/cowrie/pull/2800
    Exploit, Issue Tracking, Patch