Termix Docker Image Leaking SSH Credentials (CVE-2025-59951)
gbhackersA critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials.
The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in.
How the Vulnerability Works
Termix provides a Docker image that runs a Node.js backend behind an Nginx reverse proxy.
The backend code uses the req.ip method to determine if a request came from the local machine, as reported by Security Researchers.
Because Nginx and Termix run in the same environment, req.ip always returns the proxy’s IP address (127.0.0.1). This makes the application believe every request is from localhost.
| CVE ID | CVE-2025-59951 |
| Package | Termix (Node.js) |
| Affected Versions | release-0.1.1-tag – release-1.6.0-tag |
| Patched Versions | None |
| Severity | Critical |
As a result, anyone can call the /ssh/db/host/internal endpoint and retrieve SSH host details without any ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE