{"vulnerability": "GHSA-37CP-FGQ5-7WC2", "sightings": [{"uuid": "7d4ab3fe-11e2-4bc7-afe8-ac7f349ac088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37cp-fgq5-7wc2", "type": "seen", "source": "https://bsky.app/profile/fd0.social.freebsd.amsterdam.ap.brid.gy/post/3lmzmmyonnzt2", "content": "", "creation_timestamp": "2025-04-17T17:27:07.967804Z"}, {"uuid": "9d8de18c-d666-446f-8915-685f5e773c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37cp-fgq5-7wc2", "type": "seen", "source": "https://bsky.app/profile/timb-machine.infosec.exchange.ap.brid.gy/post/3ln2agyuru5t2", "content": "", "creation_timestamp": "2025-04-17T23:25:08.872743Z"}, {"uuid": "d4e2e70c-7df4-461f-804d-1c468eaaf22e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37cp-fgq5-7wc2", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/114620492551525583", "content": "", "creation_timestamp": "2025-06-03T16:58:39.467133Z"}, {"uuid": "95f9ca4a-f18d-47ab-a4a9-c58714e92be0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/34087", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/rizky412/CVE-2025-32433\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-24T21:18:00.000000Z"}, {"uuid": "e38498df-874f-4b58-9cc5-ce676b3cd16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35169", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/Yuweixn/Anydesk-Exploit-CVE-2025-12654-RCE-Builder\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-03T16:18:18.000000Z"}, {"uuid": "71aeb515-0a4e-4563-8f73-ca28b6ec14e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35395", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/vigilante-1337/CVE-2025-32433\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-03T13:06:56.000000Z"}, {"uuid": "0afb7bd0-6739-42d6-81ed-1edcd33a0e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35805", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/Mattb709/CVE-2025-34028-PoC-Commvault-RCE\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-06T18:17:52.000000Z"}, {"uuid": "5d2fa78e-cc26-4439-b32a-a7dc823e6548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/46323", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/platsecurity/CVE-2025-32433\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-08-02T18:27:33.000000Z"}, {"uuid": "2e64fdf2-89cf-4f5d-8f51-28dcd2f2052e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/16205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32433\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.\n\ud83d\udccf Published: 2025-04-16T21:34:37.457Z\n\ud83d\udccf Modified: 2025-04-16T22:03:46.067Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\n2. https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\n3. https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\n4. https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891", "creation_timestamp": "2025-04-17T20:16:20.000000Z"}, {"uuid": "ab804dd7-cfd3-4b7d-9c90-5afa58e3f238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37cp-fgq5-7wc2", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114350256396276490", "content": "", "creation_timestamp": "2025-04-16T23:34:02.099874Z"}, {"uuid": "d476d8cf-15ca-42a4-91d5-72637ccf4404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/37158", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/Taonauz/Anydesk-Exploit-CVE-2025-12654-RCE-Builder\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-17T18:48:47.000000Z"}, {"uuid": "3ff67c5b-3ac8-4942-93b8-ed16492d7873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/40618", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/byteReaper77/CVE-2025-2783-SandboxEscape\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-16T01:38:12.000000Z"}, {"uuid": "f779c522-ffc7-4a19-b2e8-2e7800be318b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/32754", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/ProDefense/CVE-2025-32433\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-18T18:32:28.000000Z"}, {"uuid": "5650c48a-f1d2-4d9c-a2cc-c10a23d633f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/38204", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\nURL\uff1ahttps://github.com/Nouvexr/Wing-FTP-Server-7.4.4-RCE-Authenticated\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-26T14:39:13.000000Z"}, {"uuid": "2577a4ca-9ed8-47a5-afd1-3f1fda109e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12169", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32433\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.\n\ud83d\udccf Published: 2025-04-16T21:34:37.457Z\n\ud83d\udccf Modified: 2025-04-16T22:03:46.067Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\n2. https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\n3. https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\n4. https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891", "creation_timestamp": "2025-04-16T22:57:51.000000Z"}, {"uuid": "cf92c5d6-8b9b-44c8-8d71-db8eae7035ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-37CP-FGQ5-7WC2", "type": "seen", "source": "https://t.me/TheDarkWebInformer/17793", "content": "\ud83d\udea8CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation\n\nFOFA Link: https://en.fofa.info/result?qbase64=YXBwPSJFcmxhbmci\n\nFOFA Query: app=\"Erlang\"\n\nResults: 2,257,938\n\nAdvisory: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\n\nCVSS: 10", "creation_timestamp": "2025-06-03T16:58:20.000000Z"}]}