Critical Vulnerability in Erlang/OTP SSH Exposes Devices to Remote Code Execution
A newly discovered vulnerability in the Erlang/OTP SSH implementation, tracked as CVE-2025-32433, allows unauthenticated attackers to execute remote code. With public exploits now available, the urgen...
Critical #ErlangOTP #SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
Whoa, heads up cybersecurity folks! There's a particularly nasty bug making the rounds: **CVE-2025-32433** in Erlang/OTP SSH. And yes, it scored a perfect CVSS 10.0 
.
We're talking potential **unauthorized remote code execution** here. Basically, an attacker can sneak SSH messages through *before* any authentication even happens. Think about that for a second. If your SSH daemon happens to be running as root... well, that's pretty much game over for the system.
This isn't just a minor issue; it impacts *anyone* using the Erlang/OTP SSH implementation.
**The good news?** Patches are available! You'll want to update to one of these versions ASAP:
* OTP-27.3.3
* OTP-26.2.5.11
* OTP-25.3.2.20
Speaking as a pentester, gotta say, that's a clever (and worrying!) vulnerability path 
. Another thing to keep in mind: your typical automated vulnerability scanners might completely miss this one due to the pre-auth nature.
So, what's your take? Have any of you run into this yet or started testing for it? Curious to know what tools you're finding effective for detection or exploitation testing! Let's discuss 
https://log.pyratebeard.net/entry/20250418-a_tale_of_two_gits.html
a tale of two gits - using my main git config to commit and push code as different users to different remote accounts
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
Critical Erlang/OTP SSH Vulnerability Exposes Systems to Remote Code Execution
A severe vulnerability in the Erlang/OTP SSH daemon allows unauthenticated remote code execution, prompting urgent action from developers and organizations. With a maximum severity score of 10.0, this...
Disable password logins on the SERVER in favour of using SSH keys for authentication. Create the necessary SSH keys on a NetBSD CLIENT that will be used to secure access to remote devices:
Neat, OpenSSH client adds variable expansion in "User".
This will allow for much simpler PAM (the privileged access management one) related configuration - for example, expanding user into user%original_hostname etc.
https://github.com/openssh/openssh-portable/commit/bd30cf784d6e825ef71592fb723c41d4f2fd407b
we talk about ssh with @jtk and bam there is this
https://vulnerability.circl.lu/vuln/CVE-2025-32433#sightings
“SSH server (Erlang) may allow an attacker to perform unauthenticated remote code execution (RCE).”
We should be careful when we talk.
Call for volunteer data:
Looking for real sets of hash-protected ssh ~/.ssh/known_hosts files/records, to tune cracking attack stacks on. The bigger the better.
Requirements: the cipher type and the fingerprint are not needed -- just need the hash and salt (first couple of base64 fields).
Individual cracks won't be published. If you want your own cracks, strong proof of ownership required. DM me!
Proxmox zu sichern und zu härten ist kein Luxus, sondern Pflicht. Ob Firewall, SSH-Absicherung, 2FA oder Fail2Ban – jede Maßnahme zählt. In meinem Artikel gibt’s klare Schritte für mehr Sicherheit und weniger Angriffsfläche.
https://ralf-peter-kleinert.de/linux-server/proxmox-server-sichern-haerten.html
I had time to update my old #Teleport #vagrant setup to work with the current @opensuse packages maintained by yours truly.
https://codeberg.org/johanneskastl/teleport_with_vagrant_libvirt
Also some roles were cleaned up, tested and are now fully compliant to #AnsibleLint...
I have an old #asus where the #pciex16 obviously died.
Any graphics card I put into the #pciex16 slot makes it crash and prevents it from booting. I also do not get any graphics output at all at boot.
However, I can access the pc #headless via #ssh . It has #ubuntu server installed.
Is there any chance to connect this to any modern monitor having D-SUB, so that I can at least access the #bios or set up something non-headless ?
It has a 350 W power supply, so that is probably not the issue.
#OpenSSH10 setzt auf Standards für quantensicheren Schlüsselaustausch | Security https://www.heise.de/news/OpenSSH-10-setzt-auf-Standards-fuer-quantensicheren-Schluesselaustausch-10345975.html #Verschlüsselung #encryption #SSH #OpenSSH
For your personal system hopping and coding - how many #SSH keys do you use?
Portable OpenSSH 10.0p1 will not exist. It will be known as OpenSSH 10.0p2.
https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-April/000163.html
- - -
OpenSSH portable 10.0p1 n’existera pas. Ce sera connue comme OpenSSH 10.0p2.
// Publication en anglais //
#OpenSSH 9.8 und höher kommt allmählich auf die Server. Da wird die Option PerSourcePenalties interessant (siehe https://undeadly.org/cgi?action=article;sid=20240607042157 ) die fail2ban u.ä. überflüssig machen könnte.
Konfig-Beispiele sind aber noch rar gesät. Nach der manpage zu urteilen, sollte aber
PerSourcePenalties authfail:3600s
dafür sorgen dass IPs, die Brute-Force Attacken fahren für 1 Stunde geblockt werden, korrekt?
