CVE Vulnerability Details: CVE-2025-34469 (PUBLISHED)
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 31 Dec, 2025 | 21:36
Updated At: 27 Jan, 2026 | 15:14

CVE Numbering Authority (CNA)
Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification

Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.

Affected Products
Vendor: Cowrie
Product: Cowrie
Default Status: unaffected
Affected Versions:
  • From 0 before 2.9.0 (semver)
Problem Types
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Credits

analyst: Abraham Gebrehiwot and Filippo Lauria (Institute of Informatics and Telematics, Italian National Research Council (CNR))
other: Michele Castellaneta, Claudio Porta, and Sara Afzal (Institute of Informatics and Telematics, Italian National Research Council (CNR))
References
Hyperlink: https://github.com/advisories/GHSA-83jg-m2pm-4jxj
Resource: vendor-advisory
Hyperlink: https://github.com/cowrie/cowrie/releases/tag/v2.9.0
Resource: release-notes, patch
Hyperlink: https://github.com/cowrie/cowrie/pull/2800
Resource: patch
Hyperlink: https://github.com/cowrie/cowrie/issues/2622
Resource: issue-tracking
Hyperlink: https://www.vulncheck.com/advisories/cowrie-unrestricted-wget-curl-emulation-enables-ssrf-based-ddos-amplification
Resource: third-party-advisory
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
Hyperlink: https://github.com/advisories/GHSA-83jg-m2pm-4jxj
Resource: exploit