Platform: python
Component: cowrie
Fixed in: 2.9.0
CVE-2025-34469 describes a Server-Side Request Forgery (SSRF) vulnerability found in Cowrie, a popular SSH and Telnet honeypot. This flaw allows unauthenticated attackers to leverage Cowrie's emulated shell mode to amplify HTTP-based denial-of-service (DoS) attacks against external targets. The vulnerability impacts versions of Cowrie up to 2.8.1, and a fix is available in version 2.9.0.
The SSRF vulnerability in Cowrie's emulated shell mode presents a significant risk for DoS amplification. Attackers can craft malicious commands using wget or curl within the emulated shell, causing Cowrie to make outbound HTTP requests to arbitrary third-party hosts. Because Cowrie operates as a honeypot, it often has a public-facing IP address, making it an attractive target for attackers seeking to amplify their DoS attacks. This can lead to service disruptions and resource exhaustion for the targeted hosts, potentially impacting critical infrastructure or online services. The lack of authentication required to exploit this vulnerability further exacerbates the risk, as any unauthenticated user can potentially launch attacks.
CVE-2025-34469 was publicly disclosed on December 20, 2025. The vulnerability's ease of exploitation and the potential for DoS amplification suggest a medium probability of exploitation. No proof-of-concept (PoC) code has been publicly released as of the disclosure date, but the SSRF nature of the vulnerability makes it likely that PoCs will emerge. It is not currently listed on CISA KEV.
Organizations deploying Cowrie honeypots, particularly those with public-facing instances, are at risk. Shared hosting environments where Cowrie is deployed alongside other services are also vulnerable, as a compromised Cowrie instance could be used to launch attacks against other tenants. Legacy Cowrie configurations that haven't been updated recently are particularly susceptible.
• python / server:
journalctl -u cowrie | grep -i "http request"
• generic web:
curl -I <cowrie_ip>/wget <arbitrary_url>
• generic web:
curl -I <cowrie_ip>/curl <arbitrary_url>
EPSS: 0.19% (41st percentile)
The primary mitigation for CVE-2025-34469 is to upgrade Cowrie to version 2.9.0 or later, which includes the fix for the SSRF vulnerability. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting outbound network access from the Cowrie honeypot to only essential services can limit the potential for abuse. Implementing a Web Application Firewall (WAF) or proxy with strict outbound filtering rules can also help prevent malicious HTTP requests. Monitoring Cowrie's logs for unusual outbound traffic patterns is crucial for early detection of potential attacks. After upgrading, confirm the fix by attempting to execute wget or curl commands within the emulated shell and verifying that the requests are properly blocked.
Upgrade Cowrie to version 2.9.0 or later. This version fixes the SSRF vulnerability by implementing rate limiting for outbound requests and preventing DDoS attack amplification.
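One way to do the log monitoring recommended above, as an added example that is not Cowrie's own code: it reads Cowrie's JSON event log (one event per line), pulls the destination hosts out of wget and curl commands typed into the emulated shell, and reports hosts requested repeatedly. The function names, the threshold of 3, and the sample lines are assumptions constructed for illustration.

```python
import json
import re
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Per-tool options that consume the next token, so it is not read as a URL.
TAKES_VALUE = {"wget": {"-O", "-o", "-U", "-T", "-t"}, "curl": {"-o", "-A", "-H", "-d", "-X", "-e"}}

def hosts_in_command(command):
    """Yield the hosts that wget/curl would contact for one shell input line."""
    for part in re.split(r"[;&|]+", command):   # split chained commands
        try:
            tokens = shlex.split(part)
        except ValueError:                      # unbalanced quotes in the input
            tokens = part.split()
        tool = tokens[0].rsplit("/", 1)[-1] if tokens else ""
        if tool not in TAKES_VALUE:
            continue
        skip = False
        for tok in tokens[1:]:
            if skip or tok.startswith("-"):
                skip = not skip and tok in TAKES_VALUE[tool]
                continue
            url = tok if "://" in tok else "http://" + tok  # scheme-less target
            try:
                host = urlsplit(url).hostname
            except ValueError:                  # malformed bracketed host
                continue
            if host:
                yield host

def flag_amplification(log_lines, threshold=3):
    """Map host -> (requests, distinct source IPs) for hosts at/above threshold."""
    hits = defaultdict(list)
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                            # truncated or non-JSON line
        if isinstance(event, dict) and event.get("eventid") == "cowrie.command.input":
            for host in hosts_in_command(str(event.get("input", ""))):
                hits[host].append(event.get("src_ip"))
    return {h: (len(s), len(set(s))) for h, s in hits.items() if len(s) >= threshold}

SAMPLE = [  # constructed Cowrie JSON log lines (documentation address ranges)
    '{"eventid":"cowrie.command.input","input":"wget http://198.51.100.7/","src_ip":"192.0.2.10"}',
    '{"eventid":"cowrie.command.input","input":"cd /tmp; curl -o x 198.51.100.7/index.html","src_ip":"192.0.2.11"}',
    '{"eventid":"cowrie.command.input","input":"wget -q http://198.51.100.7:8080/a && wget http://example.org/b","src_ip":"192.0.2.10"}',
]
```

Feed it the lines of the honeypot's JSON log; a single third-party host requested by many sessions or source IPs is the amplification pattern to alert on.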
CVE-2025-34469 is a Server-Side Request Forgery vulnerability in Cowrie honeypots versions 2.8.1 and earlier, allowing attackers to launch DoS attacks.
If you are running Cowrie version 2.8.1 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade Cowrie to version 2.9.0 or later to resolve the SSRF vulnerability. Consider temporary workarounds like restricting outbound network access if an upgrade is not immediately possible.
While no active exploitation has been confirmed, the vulnerability is easy to exploit, so exploitation is possible and monitoring is recommended.
Refer to the Cowrie project's official website and security advisories for the latest information and updates regarding CVE-2025-34469.