POC详情: f5255f0450832c24e539615fdf9fb90000cc871e

来源
https://github.com/vigilante-1337/CVE-2025-32433
关联漏洞
标题: Erlang/OTP 访问控制错误漏洞 (CVE-2025-32433)
描述:Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 27.3.3之前版本存在访问控制错误漏洞,该漏洞源于SSH协议消息处理缺陷,可能导致远程代码执行。
描述
A critical flaw has been discovered in Erlang/OTP's SSH server allows unauthenticated attackers to gain remote code execution. One malformed SSH handshake bypasses authentication and exploits improper handling of SSH protocol messages.
介绍
# CVE-2025-32433: Erlang/OTP's SSH Server Exploit
_______________________________
![ScreenShot](https://github.com/vigilante-1337/CVE-2025-32433/raw/main/static/CVE-2025-32433.png) 


## Information
CVE-2025-32433: A critical flaw has been discovered in Erlang/OTP's SSH server allows 
unauthenticated attackers to gain remote code execution. One malformed SSH handshake 
bypasses authentication and exploits improper handling of SSH protocol messages.

##
Affected Version:
----------------
- <= OTP-27.3.2
- <= OTP-26.2.5.10
- <= OTP-25.3.2.19
##

## Installation
You should first install the vulnerable lab, theres a guide on the [Docker](https://github.com/vigilante-1337/CVE-2025-32433/blob/main/Docker/setup) folder
```bash
~$ git clone https://github.com/vigilante-1337/CVE-2025-32433
~$ cd CVE-2025-32433
~$ chmod +x exploit
~$ exploit
```
文件快照

 [4.0K]  /data/pocs/f5255f0450832c24e539615fdf9fb90000cc871e
├── [4.0K]  Docker
│   └── [1.5K]  setup
├── [ 12K]  exploit
├── [ 848]  README.md
└── [4.0K]  static
    ├── [ 45K]  affected-version.png
    └── [102K]  CVE-2025-32433.png

2 directories, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。