Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification
Description
Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no outbound request rate limiting was enforced, unauthenticated remote attackers could repeatedly invoke these commands to generate unbounded HTTP traffic toward arbitrary third-party targets, allowing the Cowrie honeypot to be abused as a denial-of-service amplification node and masking the attacker’s true source address behind the honeypot’s IP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cowriePyPI | < 2.9.0 | 2.9.0 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/cowrie/cowrie/pull/2800ghsapatchWEB
- github.com/cowrie/cowrie/releases/tag/v2.9.0ghsarelease-notespatchWEB
- github.com/advisories/GHSA-83jg-m2pm-4jxjghsavendor-advisoryADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-34469ghsaADVISORY
- www.vulncheck.com/advisories/cowrie-unrestricted-wget-curl-emulation-enables-ssrf-based-ddos-amplificationghsathird-party-advisoryWEB
- github.com/cowrie/cowrie/issues/2622ghsaissue-trackingWEB
- github.com/cowrie/cowrie/security/advisories/GHSA-83jg-m2pm-4jxjghsaWEB
- www.cve.org/cverecordghsaWEB
News mentions
0No linked articles in our index yet.