CVE-2025-30095
CVSS 3.1 score: 9.0 of 10 (high)
Details
Summary
CVE-2025-30095 is a vulnerability affecting VyOS 1.3 through 1.5 and any Debian-based system that uses Dropbear in combination with live-build. Because these builds ship the same Dropbear private host keys in every installation, an attacker in possession of those keys can execute man-in-the-middle attacks against SSH connections to any such system that uses Dropbear as its SSH daemon. Dropbear is not the default SSH daemon on VyOS, but it is used by the console service. To mitigate the risk, remove the existing keys and generate new ones, or update to the latest VyOS 1.4 or 1.5 release. This vulnerability is not exclusive to VyOS: any Debian-based Linux distribution using Dropbear together with live-build may be affected. OpenSSH includes a safeguard against this issue; Dropbear does not.
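The following shell snippet is an added example for defenders, not code from VyOS or the CVE record. It shows the two checks a practitioner would want: a function that reads `host keytype key` lines in the format `ssh-keyscan` prints and reports any public key that more than one host presents (the symptom of shared host keys described above), and a helper that regenerates the local Dropbear host keys with `dropbearkey` at Dropbear's default key paths under `/etc/dropbear/`. The scan lines and key strings are constructed placeholders, not real key material from any image; the regeneration helper is assumed to run as root on a box with the `dropbear` package installed and is not invoked automatically.

```shell
#!/bin/sh
# Constructed sample of `ssh-keyscan -t ed25519,rsa <hosts>` output.
# Format per line: "<host> <keytype> <base64 public key>". The keys below are
# placeholders (not real host keys); router-a and router-b deliberately share one.
SAMPLE_SCAN='router-a ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE
router-b ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE
router-c ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYTWO
router-a ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPLACEHOLDERRSA
router-b ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPLACEHOLDERRSB'

# Reads ssh-keyscan style lines on stdin and prints one line per public key
# that is presented by more than one host:  "<keytype> <count> <host1,host2,...>"
# No output means every scanned host has distinct keys of each type.
find_shared_host_keys() {
    awk '
        /^#/ || NF < 3 { next }                  # skip keyscan comments / short lines
        {
            k = $2 " " $3                        # key identity = type + public key
            if (!(k in hosts)) { hosts[k] = $1; count[k] = 1 }
            else { hosts[k] = hosts[k] "," $1; count[k]++ }
        }
        END {
            for (k in count)
                if (count[k] > 1) {
                    split(k, parts, " ")
                    print parts[1], count[k], hosts[k]
                }
        }' | sort
}

# Mitigation on an affected box: delete the shipped Dropbear host keys and
# generate fresh ones. Assumes root and the dropbear package; restart the
# Dropbear service afterward so the new keys are served.
regenerate_dropbear_host_keys() {
    for t in rsa ecdsa ed25519; do
        f="/etc/dropbear/dropbear_${t}_host_key"   # Dropbear's default key path
        rm -f "$f"
        dropbearkey -t "$t" -f "$f" >/dev/null
    done
}

# Demo run over the constructed sample: reports the ed25519 key shared by
# router-a and router-b, and nothing for the (distinct) RSA keys.
printf '%s\n' "$SAMPLE_SCAN" | find_shared_host_keys
```

In practice, feed `find_shared_host_keys` with a real `ssh-keyscan` run against your fleet (the console-service port on VyOS, or whichever port Dropbear listens on); any line it prints names hosts whose keys must be regenerated, and `regenerate_dropbear_host_keys` is the per-host fix the advisory describes.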
Affected Products
- VyOS
Affected Vendors
- VyOS Foundation