CVE-2025-32433

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

CVSS 10.0 (Critical) · EPSS 97.7% · KEV · CWE-306
In summary

The Erlang/OTP SSH server has a critical flaw that lets attackers execute commands on affected systems without a password or any valid credentials. This is a severe risk because anyone who can reach the SSH port over the network can potentially take control of the server.

Technical detail

A flaw in SSH protocol message handling in Erlang/OTP versions prior to OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20 allows unauthenticated remote code execution. Exploitation requires network access to the SSH server but no prior authentication: the server accepts SSH connection-protocol messages (channel open and channel requests such as exec) before user authentication has completed, which is the missing-authentication-for-a-critical-function weakness that CWE-306 describes. A client that has only finished key exchange can therefore request command execution and run arbitrary commands with the privileges of the SSH server process.

Summary generated and translated by AI from the official description.
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.
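The first practical question for a defender is whether a given OTP release is on the fixed side of the three boundaries named above, and whether a server that answers on port 22 is Erlang's ssh application at all. The script below is an added example, not code from the page, from TrueHacking or from the Erlang/OTP project. It encodes only the fixed releases stated in the advisory; the host names, inventory lines and banner are constructed for the example, the rule that major lines newer than OTP 27 carry the fix is an assumption, and OTP 24 and older are reported as having no fixed release listed because the advisory names none.

```python
"""Version triage for CVE-2025-32433.

Added example, not code from the page or from the Erlang/OTP project. It
encodes only the fixed releases the advisory names (OTP-27.3.3, OTP-26.2.5.11,
OTP-25.3.2.20); every other rule is marked as an assumption below.
"""
import re
import socket
from typing import Dict, Iterable, Optional, Tuple

# Fixed release per maintained OTP line, taken from the advisory text.
FIXED: Dict[int, Tuple[int, ...]] = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Accepts "OTP-26.2.5.10", "OTP_26.2.5.10" and the bare "26.2.5.10" found in
# the OTP_VERSION file of an installed release.
_OTP_RE = re.compile(r"^(?:OTP[-_ ])?(\d+(?:\.\d+)*)$", re.IGNORECASE)

# Erlang's ssh application identifies itself as "SSH-2.0-Erlang/<ssh app version>".
_BANNER_RE = re.compile(r"^SSH-2\.0-Erlang/(\d+(?:\.\d+)*)")


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn an OTP release string into a comparable tuple of integers."""
    m = _OTP_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an OTP release string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version: str) -> str:
    """Classify an OTP release as 'vulnerable', 'fixed' or 'no_fix_listed'.

    Tuple comparison gives the right ordering across patch depths:
    (27, 3) < (27, 3, 3), so a bare "OTP-27.3" is reported vulnerable.
    """
    v = parse_otp_version(version)
    major = v[0]
    if major in FIXED:
        return "fixed" if v >= FIXED[major] else "vulnerable"
    if major > max(FIXED):
        # Assumption: major lines newer than 27 were cut after the fix landed.
        return "fixed"
    # OTP 24 and older: the advisory lists no fixed release for these lines,
    # so the only safe handling is an upgrade or the disable/firewall workaround.
    return "no_fix_listed"


def erlang_ssh_app_version(banner: str) -> Optional[str]:
    """Return the ssh application version if the banner is Erlang's, else None.

    Caveat: the number after "Erlang/" is the version of the ssh application,
    not the OTP release, so a banner proves the implementation but not the
    patch status; confirm with the host's OTP_VERSION or package inventory.
    """
    m = _BANNER_RE.match(banner.strip())
    return m.group(1) if m else None


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Read the SSH identification line from a live server (network call, not run here)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = s.recv(255).decode("ascii", "replace")
    lines = data.splitlines()
    return lines[0] if lines else ""


def triage_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Map 'host OTP-release' inventory lines to a status per host."""
    result: Dict[str, str] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, ver = line.split(None, 1)
        result[host] = assess(ver)
    return result


# Constructed sample inventory: host names and releases are made up for the example.
SAMPLE_INVENTORY = """
# host          OTP release (contents of the installation's OTP_VERSION file)
erl-node-01     OTP-26.2.5.10
erl-node-02     OTP-26.2.5.11
build-runner    OTP-27.3
legacy-gw       OTP-24.3.4.17
""".splitlines()

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {status}")
    # Constructed banner, the shape Erlang's ssh application sends.
    print(erlang_ssh_app_version("SSH-2.0-Erlang/5.2.9"))
```

Run it against an inventory file of host/release pairs; use `grab_banner` only against hosts you are authorized to scan, and treat an Erlang banner as a prompt to check the OTP release on the host rather than as proof of exposure.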
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
erlang · otp
Public PoCs found: 39 (source · repository · count as listed)

github · github.com/ProDefense/CVE-2025-32433 · 142
github · github.com/omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC · 16
github · github.com/NiteeshPujari/CVE-2025-32433-PoC · 7
github · github.com/0xPThree/cve-2025-32433 · 6
github · github.com/m0usem0use/erl_mouse · 5
github · github.com/ekomsSavior/POC_CVE-2025-32433 · 5
github · github.com/exa-offsec/ssh_erlangotp_rce · 3
github · github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE · 3
github · github.com/LemieOne/CVE-2025-32433 · 3
github · github.com/0x7556/CVE-2025-32433 · 3
github · github.com/darses/CVE-2025-32433 · 3
github · github.com/yonathanpy/CVE-2025-32433.py · 2
github · github.com/mirmeweu/cve-2025-32433 · 2
github · github.com/AntonieSoga/Erlang-OTP-PoC_CVE-2025-32433 · 2
github · github.com/joshuavanderpoll/cve-2025-32433 · 2
github · github.com/becrevex/CVE-2025-32433 · 1
github · github.com/Know56/CVE-2025-32433 · 1
github · github.com/teamtopkarl/CVE-2025-32433 · 1
github · github.com/bilalz5-github/Erlang-OTP-SSH-CVE-2025-32433 · 1
github · github.com/iteride/CVE-2025-32433 · 1
github · github.com/vigilante-1337/CVE-2025-32433 · 0
github · github.com/Epivalent/CVE-2025-32433-detection · 0
github · github.com/meloppeitreet/CVE-2025-32433-Remote-Shell · 0
github · github.com/ps-interactive/lab_CVE-2025-32433 · 0
github · github.com/MrDreamReal/CVE-2025-32433 · 0
github · github.com/abrewer251/CVE-2025-32433_Erlang-OTP_PoC · 0
github · github.com/te0rwx/CVE-2025-32433-Detection · 0
github · github.com/Mdusmandasthaheer/CVE-2025-32433 · 0
github · github.com/l1nuxkid/CVE-2025-32433-exploit · 0
github · github.com/soltanali0/CVE-2025-32433-Eploit · 0
github · github.com/giriaryan694-a11y/cve-2025-32433_rce_exploit · 0
github · github.com/blackcat4347/CVE-2025-32433-available-for-windows · 0
github · github.com/carlosalbertotuma/CVE-2025-32433 · 0
github · github.com/0xBlackash/CVE-2025-32433 · 0
github · github.com/leehunkoo/hk_CVE-2025-32433 · 0
github · github.com/chuzouX/CVE-2025-32433-Exploit-edited · 0
github · github.com/dampedcoast/Exploiting-a-vulnerability-using-reverse-shell · 0
github · github.com/ODST-Forge/CVE-2025-32433_PoC · 0
cve_reference · github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py · not verified
⚠ Public resources, provided so you can assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →