Today, we’ve released a brand-new lab focusing on a critical vulnerability in the Erlang/OTP SSH server.
On April 16, 2025, a critical vulnerability, identified as CVE-2025-32433, was disclosed in the Erlang/OTP SSH server. This critical vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems by sending specially crafted SSH messages before authentication. After these messages have been sent, attackers have code execution on the victim machine.
This lab will walk you through the mechanics of this vulnerability, helping you understand its implications and learn how an attacker could exploit it.
Why is this lab important?
Given Erlang's widespread use in telecommunications, IoT, and distributed systems, this vulnerability poses a significant risk to victims in multiple sectors and industries. Customers using Erlang should assess its vulnerability status and patch as soon as practicable.
Who is this lab for?
This lab is an offensive CTI lab, so it primarily benefits penetration testers and red teamers. That said, it's still incredibly valuable for defensive personas as well, so they can see how the attack could work. These personas include:
- SOC Analysts
- Incident Responders
- Threat Hunters
Here is the link to the lab: https://iml.immersivelabs.online/v2/labs/cve-2025-35433-erlang-ssh-offensive
Immerser