Erlang/OTP SSH 中未经身份验证的远程代码执行

Erlang/OTP SSH 中未经身份验证的远程代码执行
Unauthenticated Remote Code Execution in Erlang/OTP SSH

原始链接: https://nvd.nist.gov/vuln/detail/CVE-2025-32433

CVE-2025-32433 描述了Erlang/OTP SSH服务器中的一个严重安全漏洞，影响 OTP-27.3.3、OTP-26.2.5.11 和 OTP-25.3.2.20 之前的版本。此漏洞允许未经身份验证的攻击者通过利用SSH协议消息处理中的弱点来实现远程代码执行（RCE）。成功利用该漏洞将授予未经授权的系统访问权限，并能够在没有有效凭据的情况下执行任意命令。 OTP-27.3.3、OTP-26.2.5.11 和 OTP-25.3.2.20 版本已修复此漏洞。作为临时解决方案，建议用户禁用SSH服务器或实施防火墙规则以限制访问。此漏洞被归类为CWE-306，表明关键功能缺少身份验证。

Hacker News 最新 | 过去 | 评论 | 提问 | 展示 | 招聘 | 提交登录 Erlang/OTP SSH 中存在未经身份验证的远程代码执行漏洞 (nist.gov) kimi 1小时前提交，17 分 | 隐藏 | 过去 | 收藏 | 讨论加入我们 6 月 16-17 日在旧金山举办的 AI 初创企业学校！指南 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系我们搜索：

（评论） 2024-03-31

RegreSSHion：基于 glibc 的 Linux 系统上 OpenSSH 服务器中的 RCE 2024-07-02

（评论） 2025-03-29

上游 xz/liblzma 中的后门导致 SSH 服务器受损 2024-03-30

原文

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

CVSS 3.x Severity and Vector Strings:

CVSS 2.0 Severity and Vector Strings:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-306	Missing Authentication for Critical Function	GitHub, Inc.

Change History

2 change records found show changes

CVE Modified by CVE 4/16/2025 6:15:14 PM

Action	Type	Old Value	New Value
Added	Reference		http://www.openwall.com/lists/oss-security/2025/04/16/2

New CVE Received from GitHub, Inc. 4/16/2025 6:15:14 PM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 584 characters. View Entire Change Record Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary w
Added	CVSS V3.1	AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Added	CWE	CWE-306
Added	Reference	https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
Added	Reference	https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
Added	Reference	https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
Added	Reference	https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

Quick Info

CVE Dictionary Entry:
CVE-2025-32433
NVD Published Date:
04/16/2025
NVD Last Modified:
04/16/2025
Source:
GitHub, Inc.