Create Erlang-OTP SSH Server Code Execution Vulnerability (CVE-2025-32433).md

Goby 2025-04-25 18:04:19 +08:00 committed by GitHub
parent 4552f30cf7
commit 614427b789
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,14 @@
**Updated document date: April 25, 2025**
## Erlang/OTP SSH Server Code Execution Vulnerability (CVE-2025-32433)
| **Vulnerability** | LErlang/OTP SSH Server Code Execution Vulnerability (CVE-2025-32433)|
| :----: | :-----|
| **Chinese name** |Erlang/OTP SSH服务器 代码执行漏洞CVE-2025-32433 |
| **CVSS core** | 10 |
| **FOFA Query** (click to view the results directly)| [protocol="ssh" && banner="Erlang"]
| **Number of assets affected** | 600+ |
| **Description** |Erlang/OTP is a widely used programming language and runtime system primarily for building distributed systems. A critical security vulnerability exists in the Erlang/OTP SSH implementation, allowing attackers to execute arbitrary code without authentication by exploiting flaws in SSH protocol message handling.|
| **Impact** | When the SSH daemon runs with root privileges, attackers can gain full control of the device. This vulnerability affects all SSH servers based on the Erlang/OTP SSH library.|
| **Affected versions** | <OTP-27.3.3、<OTP-26.2.5.11、<OTP-25.3.2.20
![](https://s3.bmp.ovh/imgs/2025/04/25/7ff1a6f8da167768.gif)
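
Review bot: The table has several defects that will affect rendering and accuracy: the Vulnerability cell begins with a stray "L" ("LErlang/OTP"), the row label "CVSS core" presumably should read "CVSS score", and the "FOFA Query" and "Affected versions" rows are missing their closing `|`. The FOFA entry is bracketed link text with no URL after it, although its label says "click to view the results directly", and the "Affected versions" row separates its entries with the full-width "、" rather than commas. I would also add a remediation row naming the fixed releases that the "Affected versions" row implies (OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20), since the document currently tells readers how to find exposed hosts but gives no upgrade guidance.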