Erlang/OTP SSH Server Unauthenticated Remote Command Execution (CVE-2025-32433) (Direct Check)

critical Nessus Plugin ID 242072

Language:

Version 1.11 Oct 23, 2025, 3:11 AM Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections) Plugin Feed: 202510230311
Version 1.9 Oct 21, 2025, 3:09 AM Logic Changes (Implement workaround in SSH library to prevent triggering an engine bug.) Plugin Feed: 202510210309
Version 1.8 Oct 16, 2025, 4:39 PM Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.) Plugin Feed: 202510161639
Version 1.6 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
Version 1.5 Sep 30, 2025, 12:41 AM Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.) Plugin Feed: 202509300041
Version 1.4 Aug 26, 2025, 7:20 AM Logic Changes Plugin Feed: 202508260720
Version 1.3 Jul 28, 2025, 4:47 PM Logic Changes (RSA SSH certificates can use SHA2 signatures when needed) Plugin Feed: 202507281647
Version 1.2 Jul 16, 2025, 6:26 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploitability ease" set to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202507161826
Version 1.1 Jul 15, 2025, 2:39 AM New Plugin Feed: 202507150239

* Changelogs are generally available for changes made after Nov 1, 2022