CVE-2025-30095

Published Mar 31, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-30095 affects VyOS versions 1.3 through 1.5 (fixed in 1.4.2) and Debian-based systems that use Dropbear in combination with live-build. The vulnerability stems from the use of identical Dropbear private host keys across different installations. This vulnerability allows an attacker to conduct man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon. In VyOS, while not the default configuration for the system SSH daemon, it is the default for the console service. Mitigation includes removing existing keys and regenerating new ones or updating to VyOS 1.4 or 1.5.

Description
VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon. I n VyOS, this is not the default configuration for the system SSH daemon, but is for the console service. To mitigate this, one can run "rm -f /etc/dropbear/*key*" and/or "rm -f /etc/dropbear-initramfs/*key*" and then dropbearkey -t rsa -s 4096 -f /etc/dropbear_rsa_host_key and reload the service or reboot the system before using Dropbear as the SSH daemon (this clears out all keys mistakenly built into the release image) or update to the latest version of VyOS 1.4 or 1.5. Note that this vulnerability is not unique to VyOS and may appear in any Debian-based Linux distribution that uses Dropbear in combination with live-build, which has a safeguard against this behavior in OpenSSH but no equivalent one for Dropbear.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

10

  1. CVE-2025-30095 exposes VyOS & Debian systems to MitM attacks—unpatched networks risk traffic interception. Immediate update required: https://t.co/xKp8BNuF2j #CyberSecurity #Vulnerability

    @adriananglin

    2 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. VyOS及びDebianに中間者攻撃の脆弱性。CVE-2025-30095はコンソールサーバ用に使用されているSSHサーバDropbearにおけるホスト鍵が、イメージ作成時にハードコードされているもの。 https://t.co/ZQ6u57ce6h

    @__kokumoto

    2 Apr 2025

    3311 Impressions

    19 Retweets

    30 Likes

    6 Bookmarks

    0 Replies

    2 Quotes

  3. CVE-2025-30095 VyOS 1.3 through 1.5 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. … https://t.co/iq4xhH6GTR

    @CVEnew

    31 Mar 2025

    236 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References