CVE-2025-34469
Unknown Unknown - Not Provided
SSRF in Cowrie wget/curl Enables DoS Amplification Abuse

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2026-01-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34469
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cowrie cowrie *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a server-side request forgery (SSRF) in Cowrie versions prior to 2.9.0. It occurs in the emulated shell implementation of wget and curl commands, which perform real outbound HTTP requests to attacker-supplied destinations without rate limiting. This allows unauthenticated remote attackers to repeatedly invoke these commands to generate unlimited HTTP traffic toward arbitrary third-party targets, abusing the Cowrie honeypot as a denial-of-service amplification node and hiding the attacker's true source IP behind the honeypot's IP.

Impact Analysis

The vulnerability can be exploited by attackers to generate unbounded HTTP traffic toward arbitrary third-party targets, effectively using the Cowrie honeypot as a denial-of-service amplification node. This can lead to denial-of-service attacks on third parties and can mask the attacker's true source address by hiding it behind the honeypot's IP address.

Mitigation Strategies

To mitigate this vulnerability, upgrade Cowrie to version 2.9.0 or later where the SSRF issue in the emulated wget and curl commands is fixed. Additionally, consider implementing outbound request rate limiting and monitoring outbound HTTP traffic from the honeypot to detect and prevent abuse.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34469. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart