CVE-2025-59951
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-20

Assigner: GitHub, Inc.

Description
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's IP when using the req.ip method. This results in isLocalhost always returning True. Consequently, the /ssh/db/host/internal endpoint can be accessed directly without login or authentication. This endpoint records the system's stored SSH host information, including addresses, usernames, and passwords, posing an extremely high security risk. Users who use the official Termix docker image, build their own image using the official dockerfile, or utilize reverse proxy functionality will be affected by this vulnerability. This issue is fixed in version 1.6.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-20
Generated
2026-06-16
AI Q&A
2025-10-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59951
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
termix termix From 0.1.1 (inc) to 1.6.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-348 The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in Termix versions 1.5.0 and below when using the official Docker image configured with an Nginx reverse proxy. The backend incorrectly retrieves the proxy's IP address instead of the client's IP when using the req.ip method, causing the isLocalhost check to always return True. This flaw allows unauthenticated access to the /ssh/db/host/internal endpoint, which exposes sensitive SSH host information such as addresses, usernames, and passwords.

Impact Analysis

This vulnerability poses an extremely high security risk because it allows attackers to access sensitive SSH host information without any login or authentication. This could lead to unauthorized access to systems, potential data breaches, and compromise of server management capabilities.

Mitigation Strategies

Upgrade Termix to version 1.6.0 or later, as this version fixes the vulnerability. Additionally, avoid using the official Termix Docker image versions 1.5.0 and below or building your own image using the official dockerfile without the fix. If you use reverse proxy functionality, review and adjust your configuration to prevent the backend from retrieving the proxy's IP instead of the client's IP.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59951. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart