CVE-2025-59951CRITICAL 9.1EPSS p90.7%

CVE-2025-59951CVE-2025-59951

Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's IP when using the req.ip method. This results in isLocalhost always returning True. Consequently, the /ssh/db/host/internal endpoint can be accessed directly without login or authentication. This endpoint records the system's stored SSH host information, including addresses, usernames, and passwords, posing an extremely high security risk. Users who use the official Termix docker image, build their own image using the official dockerfile, or utilize reverse proxy functionality will be affected by this vulnerability. This issue is fixed in version 1.6.0.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS4.71% probability of exploitation · percentile 90.7% · 2026-06-18T12:00:27Z
Published2025-10-01
Last modified2025-10-20

Underlying weaknesses· 3

CWE-284CWE-348CWE-345

References

  1. https://github.com/LukeGus/Termix/pull/221
  2. https://github.com/LukeGus/Termix/security/advisories/GHSA-92cw-877q-6r94
  3. https://github.com/LukeGus/Termix/security/advisories/GHSA-92cw-877q-6r94

3

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live
WeaknessInsufficient Verification of Data Authenticitycwe-3450%live
WeaknessUse of Less Trusted Sourcecwe-3480%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45748
CVE
CVE-2026-42454
CVE
CVE-2026-45744
CVE
CVE-2026-45743
CVE
CVE-2026-45750
CVE
CVE-2026-45746
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.