CVE-2025-32433

CISA KEV: Actively Exploited

Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability

Published Jun 9, 2025 · Updated Jun 9, 2025

Description

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

Public Exploits & PoCs (37 found)

PoC: CVE-2025-32433

CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

34

PoC: CVE-2025-32433-PoC

CVE-2025-32433 PoC: Unauthenticated Remote Code Execution (RCE) in Erlang/OTP SSH. Includes a vulnerable Docker environment and an interactive Python exploit script for ethical hacking & CTF challenges.

3

PoC: CVE-2025-32433

Missing Authentication for Critical Function (CWE-306)-Exploit

3

PoC: CVE-2025-32433

CVE-2025-32433 Erlang/OTP SSH RCE Exploit (SSH remote code execution vulnerability exploit)

2

PoC: cve-2025-32433

Go PoC for CVE-2025-32433 — unauthenticated RCE in Erlang/OTP SSH.

1

PoC: CVE-2025-32433.py

CVE-2025-32433 PoC – SSH Protocol Python-based PoC for controlled lab testing of SSH message handling, channel operations, and pre-auth interactions. Designed for safe security research and analysis.

1

PoC: cve-2025-32433

the task from C*****k

1

PoC: CVE-2025-32433

CVE-2025-32433 is a vuln of ssh

1

PoC: CVE-2025-32433

Erlang OTP SSH NSE Discovery Script

1

PoC: Erlang-OTP-CVE-2025-32433

This Python script exploits the CVE-2025-32433 vulnerability in certain versions of the Erlang SSH daemon.

1

PoC: CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC

The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication.

1

PoC: Exploiting-a-vulnerability-using-reverse-shell

This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.

PoC: CVE-2025-32433-Exploit-edited

Based on the original version: https://github.com/vulhub/vulhub/blob/master/erlang/CVE-2025-32433/exploit.py. Replace Unicode checkmark with ASCII character for Windows compatibility.

PoC: CVE-2025-32433

CVE-2025-32433

PoC: CVE-2025-32433-available-for-windows

CVE-2025-32433-available-for-windows

PoC: cve-2025-32433_rce_exploit

This exploit script is designed to simplify exploitation of the Erlang/OTP SSH vulnerability CVE-2025-32433 in the TryHackMe lab environment.

PoC: CVE-2025-32433-Eploit

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

PoC: CVE-2025-32433

Erlang/OTP SSH

PoC: PoC-CVE-2025-32433

This is a PoC for the CVE-2025-32433 vulnerability, do NOT test on systems that you don't own!!!

PoC: CVE-2025-32433

test

PoC: CVE-2025-32433

🔍 Explore a working PoC for CVE-2025-32433, demonstrating its impact and providing insights for security professionals and developers.

PoC: CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

PoC showing unauthenticated remote code execution in Erlang/OTP SSH server. By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.

PoC: CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling

PoC: Blackash-CVE-2025-32433

CVE-2025-32433 Erlang SSH Library Exploit 🛑

PoC: CVE-2025-32433

A critical flaw has been discovered in Erlang/OTP's SSH server that allows unauthenticated attackers to gain remote code execution. One malformed SSH handshake bypasses authentication and exploits improper handling of SSH protocol messages.

PoC: Erlang-OTP-SSH-CVE-2025-32433

CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE

PoC: Erlang-OTP-SSH-CVE-2025-32433

Exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup.

PoC: CVE-2025-32433_PoC

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers

PoC: CVE-2025-32433_Erlang-OTP_PoC

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers

PoC: CVE-2025-32433

CVE-2025-32433 Summary and Attack Overview

PoC: CVE-2025-32433

CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

PoC: lab_CVE-2025-32433

CVE lab to accompany CVE course for CVE-2025-32433

PoC: CVE-2025-32433-Remote-Shell

Written for deepening my understanding of CVE-2025-32433, and more practice in Go.

PoC: ssh_erlangotp_rce

Exploitation module for CVE-2025-32433 (Erlang/OTP)

PoC: erl_mouse

python script to find vulnerable targets of CVE-2025-32433

PoC: CVE-2025-32433

Erlang/OTP SSH remote code execution vulnerability

PoC: CVE-2025-32433

Security research on Erlang/OTP SSH CVE-2025-32433.
