CVE-2025-59951

| EUVD-2025-33187 CRITICAL
2025-10-01 [email protected]
9.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Generated
Mar 13, 2026 - 18:18 vuln.today
EUVD ID Assigned
Mar 13, 2026 - 18:18 euvd
EUVD-2025-33187
PoC Detected
Oct 20, 2025 - 18:37 vuln.today
Public exploit code
Patch Released
Oct 20, 2025 - 18:37 nvd
Patch available
CVE Published
Oct 01, 2025 - 22:15 nvd
CRITICAL 9.1

Tags

Nginx Docker Authentication Bypass Termix

Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's IP when using the req.ip method. This results in isLocalhost always returning True. Consequently, the /ssh/db/host/internal endpoint can be accessed directly without login or authentication. This endpoint records the system's stored SSH host information, including addresses, usernames, and passwords, posing an extremely high security risk. Users who use the official Termix docker image, build their own image using the official dockerfile, or utilize reverse proxy functionality will be affected by this vulnerability. This issue is fixed in version 1.6.0.

Analysis

Docker default credentials in Termix server management. PoC and patch available.

Technical Context

CWE-284.

Affected Products

['Termix']

Remediation

Change defaults.

Priority Score

66
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +46
POC: +20

Share

CVE-2025-59951 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy