Vulnerability details: VCID-bhqe-322z-xqhq
Vulnerability ID VCID-bhqe-322z-xqhq
Aliases CVE-2025-32433
Summary
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
Data source Metasploit
Description This module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH protocol handling to execute commands via the Erlang `os:cmd` function without requiring authentication.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date April 16, 2025
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh/ssh_erlangotp_rce.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/ Found at https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/ Found at https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/ Found at https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/ Found at https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Exploit Prediction Scoring System (EPSS)
Percentile 0.98287
EPSS Score 0.59722
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:10:24.155793+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 38.6.0