Description
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.
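The two controls the description implies are missing, as an added example that is not Cowrie's code and does not claim to reproduce the fix shipped in 2.9.0: a destination policy applied to the attacker-supplied URL, and a token-bucket rate limit per attacker source address plus a global cap on the honeypot's outbound requests. The gate sits in front of the emulated `wget`/`curl` so an unauthenticated session can no longer drive unbounded real traffic. Class and function names, the blocked address ranges and the bucket sizes are illustrative assumptions.

```python
"""
Added example, not code from Cowrie or its maintainers: an outbound-request
gate for an emulated wget/curl in a honeypot shell. It shows the two checks
a practitioner would want in front of any real HTTP request made on behalf
of an attacker: a destination policy (scheme and address-range checks) and a
token-bucket rate limit per attacker source and for the honeypot as a whole.
Limits, ranges and names are illustrative assumptions.
"""
import ipaddress
import time
from urllib.parse import urlsplit

# Address ranges the honeypot must never be tricked into reaching (assumed policy).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def destination_allowed(url):
    """Return (allowed, reason) for a URL taken from attacker input."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    host = parts.hostname
    if not host:
        return False, "no-host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name, not a literal. A real implementation resolves it, runs the
        # same range check on every resolved address, and connects to the
        # checked address rather than the name (defeats DNS rebinding and
        # shorthand literals such as "127.1"). Resolution needs the network,
        # so this offline example accepts names as-is.
        return True, "name"
    if any(addr in net for net in BLOCKED_NETS):
        return False, "blocked-range"
    return True, "ok"


class TokenBucket:
    """Classic token bucket: at most `burst` tokens, refilled at `rate` per second."""

    def __init__(self, burst, rate, clock):
        self.burst, self.rate, self.clock = float(burst), float(rate), clock
        self.tokens, self.last = self.burst, clock()

    def take(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class OutboundGate:
    """Decides whether an emulated wget/curl may make a real request."""

    def __init__(self, per_source_burst=3, per_source_rate=1.0,
                 global_burst=50, global_rate=10.0, clock=time.monotonic):
        self.clock = clock
        self.per_source_burst, self.per_source_rate = per_source_burst, per_source_rate
        self.global_bucket = TokenBucket(global_burst, global_rate, clock)
        self.per_source = {}  # source IP -> TokenBucket; evict idle entries in production

    def check(self, source_ip, url):
        ok, reason = destination_allowed(url)
        if not ok:
            return False, reason
        bucket = self.per_source.get(source_ip)
        if bucket is None:
            bucket = self.per_source[source_ip] = TokenBucket(
                self.per_source_burst, self.per_source_rate, self.clock)
        if not bucket.take():
            return False, "source-rate"
        # Global cap is checked second, so a source already over its own limit
        # cannot drain the shared budget for everyone else.
        if not self.global_bucket.take():
            return False, "global-rate"
        return True, "ok"


def emulate_fetch(gate, source_ip, argv):
    """Handler for the emulated command: returns what the shell should do."""
    url = next((a for a in argv[1:] if not a.startswith("-")), None)
    if url is None:
        return "usage"
    ok, reason = gate.check(source_ip, url)
    if not ok:
        # Keep the shell convincing: log it and print a plausible tool error,
        # but never perform the request.
        return "denied:" + reason
    return "fetch"


if __name__ == "__main__":
    gate = OutboundGate()
    for _ in range(5):
        print(emulate_fetch(gate, "203.0.113.5", ["wget", "http://198.51.100.9/x"]))
```

The per-source check runs before the global one on purpose: an attacker who has already exhausted their own bucket never touches the shared budget, so one noisy session cannot silence every other one. The deny path still returns something the emulated shell can render as a normal tool failure, which keeps the honeypot credible while the real request is dropped.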
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
Any version before 2.9.0
Credits
Abraham Gebrehiwot and Filippo Lauria (Institute of Informatics and Telematics, Italian National Research Council (CNR))
Michele Castellaneta, Claudio Porta, and Sara Afzal (Institute of Informatics and Telematics, Italian National Research Council (CNR))
References
github.com/advisories/GHSA-83jg-m2pm-4jxj
github.com/cowrie/cowrie/releases/tag/v2.9.0
github.com/cowrie/cowrie/pull/2800
github.com/cowrie/cowrie/issues/2622
www.vulncheck.com/...n-enables-ssrf-based-ddos-amplification