Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-32433 PoC — Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Source
https://github.com/mirmeweu/cve-2025-32433
Associated Vulnerability
Title:Erlang/OTP SSH Vulnerable to Pre-Authentication RCE (CVE-2025-32433)
Description:Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Description
the task from C*****k
Readme
# CVE-2025-32433 -  Pre-Auth RCE in Erlang/OTP SSH Server

-  ### [Ссылка на подробный райтап](write-up.md)

- ### Все рассмотренные уязвимые версии используя докер:
    - #### [Erlang/OTP-25.3.2](otp25.3.2/)
    - #### [Erlang/OTP-26.2.5.11](otp26.2.5.11/)
    - #### [Erlang/OTP-27.3.2](otp27.3.2/)

- ### [Ссылка на сплойт](test.py)

- ### Ссылки на файлы, для массовой проверки:
    - #### [Шаблон для активной проверки](mass-check/active.yaml)
    - #### [Шаблон для пассивной проверки](mass-check/passive.yaml)
    - #### [Сплойт для массовой проверки на питоне](mass-check/mass_check.py)
    - #### [Сплойт для массовой проверки на Go](mass-check/active_go.go)

- ### Все картинки подгружаются с папки [images](images/)
File Snapshot

 [4.0K]  /data/pocs/89ea416d347c5bb1d07ca83c20fa5314db295b4a
├── [1.7K]  alive.txt
├── [ 50K]  cpe.txt
├── [4.0K]  erlang17.0
│   ├── [ 981]  Dockerfile
│   └── [ 588]  ssh_server.erl
├── [4.0K]  images
│   ├── [ 35K]  check1.png
│   ├── [ 37K]  check21.png
│   ├── [ 57K]  check2.png
│   ├── [ 24K]  check31.png
│   ├── [ 57K]  check3.png
│   ├── [ 25K]  check41.png
│   ├── [ 62K]  check4.png
│   ├── [ 57K]  check.png
│   ├── [250K]  image-1.png
│   ├── [ 67K]  image1.png
│   ├── [ 67K]  image2.png
│   ├── [134K]  image-3.png
│   ├── [ 66K]  image3.png
│   ├── [160K]  image-4.png
│   ├── [ 67K]  image4.png
│   ├── [214K]  image.png
│   ├── [413K]  result_active.png
│   └── [493K]  result_passive.png
├── [4.0K]  mass-check
│   ├── [8.2M]  active_go
│   ├── [9.8K]  active_go.go
│   ├── [6.6K]  active.yaml
│   ├── [  28]  go.mod
│   ├── [7.2K]  mass_check.py
│   └── [1.4K]  passive.yaml
├── [4.0K]  otp25.3.2
│   ├── [ 883]  Dockerfile
│   └── [ 588]  ssh_server.erl
├── [4.0K]  otp26.2.5.11
│   ├── [ 862]  Dockerfile
│   └── [ 588]  ssh_server.erl
├── [4.0K]  otp27.3.2
│   ├── [ 908]  Dockerfile
│   └── [ 588]  ssh_server.erl
├── [ 981]  README.md
├── [ 12K]  test.py
├── [ 161]  urls.txt
└── [ 83K]  write-up.md

7 directories, 38 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →