Metasploit Wrap-Up 05/09/2025

New Toys and New Techniques This release features a new OPNSense login scanner, a module targeting the Sante PACS path traversal vulnerability, an additional method for stealing Network Access Account credentials via SMB to HTTP relay, and the Erlang/OTP SSH exploit everyone was excited about. Ne...

CVE-2025-28202

Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...

CVE-2025-28202

Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...

CVE-2025-28202

Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...

PT-2025-20568

Name of the Vulnerable Software and Affected Versions Victure RX1800 version EN V1.0.0 r12 110933 Description The issue is related to incorrect access control, allowing attackers to bypass authentication and enable SSH and Telnet services. Recommendations For version EN V1.0.0 r12 110933, as a...

CVE-2025-28202

CVE-2025-28202 affects Victure RX1800 EN_V1.0.0_r12_110933. The root cause is improper access control that allows enabling SSH and Telnet services without authentication. Impact is unauthenticated proactive access with high confidentiality, integrity, and availability risk. Mitigation/recommendat...

Erlang/OTP (Erlang OTP) MITM Vulnerability (May 2025) - Windows

Erlang/OTP Erlang OTP is prone to a man-in-the-middle MITM vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Erlang/OTP (Erlang OTP) MITM Vulnerability (May 2025) - Linux

Erlang/OTP Erlang OTP is prone to a man-in-the-middle MITM vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AZL-61748 CVE-2025-46712 affecting package erlang for versions less than 26.2.5.12-1

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

AZL-61744 CVE-2025-46712 affecting package erlang for versions less than 25.3.2.21-1

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

DEBIAN-CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46712

CVE-2025-46712 describes an SSH handshake hardening bypass in Erlang/OTP: prior to OTP-27.3.4, OTP-26.2.5.12, and OTP-25.3.2.21, the SSH KEX handshake allows optional messages to be exchanged, enabling a MITM attacker to inject messages during the handshake. The issue has been patched in OTP-27.3...

CVE-2025-46712 Erlang/OTP SSH Has Strict KEX Violations

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46712 Erlang/OTP SSH Has Strict KEX Violations

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46712 Erlang/OTP SSH Has Strict KEX Violations

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-4041

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions...

Erlang/OTP 安全漏洞

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP that stems from SSH not strictly enforcing the KEX handshake, which could lead t...

PT-2025-20412

Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions prior to OTP-27.3.4 Erlang/OTP versions prior to OTP-26.2.5.12 Erlang/OTP versions prior to OTP-25.3.2.21 Description: The issue concerns Erlang/OTP SSH failing to enforce strict KEX handshake hardening measures by allowin...

CVE-2025-36546

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...