CVE-2025-34469 - Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplific...

CVE ID : CVE-2025-34469 Published : Dec. 31, 2025, 10:15 p.m. | 59 minutes ago Description : Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor