4 matches found
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
CVE-2025-30095
creationtimestamp| type| source ---|---|--- 2025-03-31 19:12:39+00:00| seen| https://t.me/cvedetector/21628 2025-03-31 21:31:33+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9769 2025-04-02 05:51:39+00:00| seen|...
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
CVE-2025-30095
CVE-2025-30095 affects VyOS 1.3–1.5 (fixed in 1.4.2) and can also impact any Debian-based system using Dropbear with live-build due to identical Dropbear private host keys across installations. This enables active man-in-the-middle attacks on SSH if Dropbear is used as the SSH daemon; VyOS’s cons...