CVE-2025-30095

Name of the Vulnerable Software and Affected Versions VyOS versions 1.3 through 1.5

Description The issue allows an attacker to conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon, due to the same Dropbear private host keys being used across different installations. This is not the default configuration for the system SSH daemon in VyOS, but it is for the console service. The problem is not unique to VyOS and may appear in any Debian-based Linux distribution that uses Dropbear in combination with live-build.

Recommendations For VyOS versions 1.3 through 1.5, to mitigate this issue, run the commands "rm -f /etc/dropbear/key" and/or "rm -f /etc/dropbear-initramfs/key" and then "dropbearkey -t rsa -s 4096 -f /etc/dropbear rsa host key" and reload the service or reboot the system before using Dropbear as the SSH daemon. Alternatively, update to the latest version of VyOS 1.4 or 1.5.