CVE-2025-32433— Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

CVSS 10.0 · Critical KEV EPSS 47.07% · P98 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-32433

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Source: NVD (National Vulnerability Database)

Vulnerability Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

Erlang/OTP 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 27.3.3之前版本存在访问控制错误漏洞，该漏洞源于SSH协议消息处理缺陷，可能导致远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
erlang	otp	>= OTP-27.0-rc1, < OTP-27.3.3	-

II. Public POCs for CVE-2025-32433

#	POC Description	Source Link	Shenlong Link
1		https://github.com/vulhub/vulhub/blob/master/erlang/CVE-2025-32433/README.md	POC Details
2	Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.	https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2025/CVE-2025-32433.yaml	POC Details
3	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E5%85%B6%E4%BB%96%E6%BC%8F%E6%B4%9E/Erlang%20OTP%20SSH%E6%9C%AA%E6%8E%88%E6%9D%83%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-32433.md	POC Details
4	CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2	https://github.com/ProDefense/CVE-2025-32433	POC Details
5	None	https://github.com/ekomsSavior/POC_CVE-2025-32433	POC Details
6	None	https://github.com/Epivalent/CVE-2025-32433-detection	POC Details
7	Security research on Erlang/OTP SSH CVE-2025-32433.	https://github.com/darses/CVE-2025-32433	POC Details
8	Missing Authentication for Critical Function (CWE-306)-Exploit	https://github.com/LemieOne/CVE-2025-32433	POC Details
9	Erlang/OTP SSH 远程代码执行漏洞	https://github.com/teamtopkarl/CVE-2025-32433	POC Details
10	python script to find vulnerable targets of CVE-2025-32433	https://github.com/m0usem0use/erl_mouse	POC Details
11	Exploitation module for CVE-2025-32433 (Erlang/OTP)	https://github.com/exa-offsec/ssh_erlangotp_rce	POC Details
12	The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication.	https://github.com/omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC	POC Details
13	None	https://github.com/0xPThree/cve-2025-32433	POC Details
14	Go-based exploit for CVE-2025-32433	https://github.com/meloppeitreet/CVE-2025-32433-Remote-Shell	POC Details
15	CVE lab to accompany CVE course for CVE-2025-32433	https://github.com/ps-interactive/lab_CVE-2025-32433	POC Details
16	CVE-2025-32433 Erlang/OTP SSH RCE Exploit SSH远程代码执行漏洞EXP	https://github.com/0x7556/CVE-2025-32433	POC Details
17	Erlang OTP SSH NSE Discovery Script	https://github.com/becrevex/CVE-2025-32433	POC Details
18	CVE-2025-32433 Summary and Attack Overview	https://github.com/MrDreamReal/CVE-2025-32433	POC Details
19	CVE-2025-32433 is a vuln of ssh	https://github.com/Know56/CVE-2025-32433	POC Details
20	This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers	https://github.com/abrewer251/CVE-2025-32433_Erlang-OTP_PoC	POC Details
21	This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers	https://github.com/ODST-Forge/CVE-2025-32433_PoC	POC Details
22	Exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup.	https://github.com/C9b3rD3vi1/Erlang-OTP-SSH-CVE-2025-32433	POC Details
23	CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE	https://github.com/bilalz5-github/Erlang-OTP-SSH-CVE-2025-32433	POC Details
24	A critical flaw has been discovered in Erlang/OTP's SSH server allows unauthenticated attackers to gain remote code execution. One malformed SSH handshake bypasses authentication and exploits improper handling of SSH protocol messages.	https://github.com/vigilante-1337/CVE-2025-32433	POC Details
25	CVE-2025-32433 Erlang SSH Library Exploit 🛑	https://github.com/B1ack4sh/Blackash-CVE-2025-32433	POC Details
26	Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling	https://github.com/Yuri08loveElaina/CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit	POC Details
27	CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2	https://github.com/platsecurity/CVE-2025-32433	POC Details
28	CVE-2025-32433 PoC: Unauthenticated Remote Code Execution (RCE) in Erlang/OTP SSH. Includes a vulnerable Docker environment and an interactive Python exploit script for ethical hacking & CTF challenges.	https://github.com/NiteeshPujari/CVE-2025-32433-PoC	POC Details
29	None	https://github.com/te0rwx/CVE-2025-32433-Detection	POC Details
30	None	https://github.com/Mdusmandasthaheer/CVE-2025-32433	POC Details
31	PoC showing unauthenticated remote code execution in Erlang/OTP SSH server. By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.	https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE	POC Details
32	🔍 Explore a working PoC for CVE-2025-32433, demonstrating its impact and providing insights for security professionals and developers.	https://github.com/scandijamjam1/CVE-2025-32433	POC Details
33	test	https://github.com/iteride/CVE-2025-32433	POC Details
34	the task from C*****k	https://github.com/mirmeweu/cve-2025-32433	POC Details
35	These is a PoC for the CVE-2025-32433 vulnerability, do NOT test on systems that you dont own!!!	https://github.com/Batman529/PoC-CVE-2025-32433	POC Details
36	None	https://github.com/toshithh/CVE-2025-32433	POC Details
37	None	https://github.com/l1nuxkid/CVE-2025-32433-exploit	POC Details
38	Erlang/OTP SSH	https://github.com/radzek15/CVE-2025-32433	POC Details
39	Erlang/OTP SSH Vulnerable to Pre-Authentication RCE	https://github.com/soltanali0/CVE-2025-32433-Eploit	POC Details
40	CVE-2025-32433 Erlang SSH Library Exploit 🛑	https://github.com/Ashwesker/Blackash-CVE-2025-32433	POC Details
41	This exploit script is designed to simplify exploitation of the Erlang/OTP SSH vulnerability CVE-2025-32433 in the TryHackMe lab environment.	https://github.com/giriaryan694-a11y/cve-2025-32433_rce_exploit	POC Details
42	CVE-2025-32433 Erlang SSH Library Exploit 🛑	https://github.com/Ashwesker/Ashwesker-CVE-2025-32433	POC Details
43	None	https://github.com/AntonieSoga/Erlang-OTP-PoC_CVE-2025-32433	POC Details
44	None	https://github.com/blackcat4347/CVE-2025-32433-available-for-windows	POC Details
45	None	https://github.com/carlosalbertotuma/CVE-2025-32433	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-32433

请登录查看更多情报信息。

https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2x_refsource_CONFIRM
https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891x_refsource_MISC
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12x_refsource_MISC
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892fx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-32433

IV. Related Vulnerabilities

Same product: otp

Same vendor: erlang

Same weakness: CWE-306

V. Comments for CVE-2025-32433

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-32433— Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

I. Basic Information for CVE-2025-32433

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2025-32433

III. Intelligence Information for CVE-2025-32433

IV. Related Vulnerabilities

V. Comments for CVE-2025-32433

Leave a comment