Erlang/OTP disclosed CVE-2025-32433 in its SSH implementation as an unauthenticated remote code execution vulnerability, tracked in GitHub advisory GHSA-37cp-fgq5-7wc2. Public descriptions characterize the issue as a pre-authentication flaw tied to improper handling of SSH protocol messages, including malformed SSH_MSG_CHANNEL_REQUEST packets, allowing attackers to execute code on exposed Erlang-based SSH servers without valid credentials. Several repositories also describe the weakness as related to missing authentication for a critical function (CWE-306).
After disclosure, GitHub saw a rapid spread of public exploit material, including proof-of-concept code, remote shell implementations, offensive modules, lab-focused exploit scripts, and later detection tooling. Repositories from multiple authors published exploit variants in Go and other formats, along with testing tools for identifying vulnerable systems, indicating that exploitation knowledge quickly became broadly accessible to both defenders and attackers. The volume and persistence of these repositories suggest that organizations running Erlang/OTP SSH services faced elevated risk of opportunistic scanning and weaponized exploitation soon after the advisory became public.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
Further GitHub repositories referencing exploit code for CVE-2025-32433 were published later in 2025 and early 2026, showing sustained interest and continued reposting or adaptation of offensive tooling.
A GitHub repository released detection-focused tooling for CVE-2025-32433, adding defensive capability to identify vulnerable systems or related activity.
A later GitHub repository published an additional proof-of-concept exploit for the unauthenticated Erlang/OTP SSH RCE, reflecting ongoing public circulation of exploit code months after disclosure.
Another GitHub repository released a custom security testing tool for identifying or exploiting the critical pre-authentication Erlang-based SSH vulnerability, expanding publicly available tooling.
A dedicated exploitation module for the Erlang/OTP SSH vulnerability was published on GitHub, showing continued maturation of offensive tooling beyond basic proof-of-concept code.
Within days of disclosure, multiple GitHub repositories published exploit code or attack overviews for CVE-2025-32433, indicating rapid public weaponization and researcher interest. Early examples appeared from April 18 onward.
The Erlang/OTP project published a security advisory for CVE-2025-32433, describing an unauthenticated remote code execution flaw in Erlang/OTP SSH. This marks the public disclosure of the vulnerability by the vendor.
14 references tracked. Mallory keeps watching after this page renders.
github.com
Open sourcegithub.com
Open sourcegithub.com
Open sourcegithub.com
Open sourcegithub.com
Open sourcegithub.com
Open sourcegithub.com
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.