Home/CVE-2025-32433/YARA rules
YARA

YARA rules for CVE-2025-32433

1 rules · scoped to cve · back to CVE-2025-32433
YARA rules whose family, name, or description matches this cve or its tooling. Use these for binary-pattern hunts.

YARA rules

1 of 1
direct VULN
VULN_Erlang_OTP_SSH_CVE_2025_32433_Apr25
Detects binaries vulnerable to CVE-2025-32433 in Erlang/OTP SSH
author Pierre-Henri Pezier, Florian Roth license see source repo
view YARA rule 
rule VULN_Erlang_OTP_SSH_CVE_2025_32433_Apr25 {
   meta:
      description = "Detects binaries vulnerable to CVE-2025-32433 in Erlang/OTP SSH"
      author = "Pierre-Henri Pezier, Florian Roth"
      reference = "https://www.upwind.io/feed/cve-2025-32433-critical-erlang-otp-ssh-vulnerability-cvss-10"
      date = "2025-04-18"
      score = 60
   strings:
      $a1 = { 46 4F 52 31 ?? ?? ?? ?? 42 45 41 4D }

      $s1 = "ssh_connection.erl"

      $fix1 = "chars_limit"
      $fix2 = "allow    macro_log"
      $fix3 = "logger"
      $fix4 = "max_log_item_len"
   condition:
      filesize < 1MB
      and $a1 at 0 // BEAM file header
      and $s1
      and not 1 of ($fix*)
}
Showing 1-1 of 1
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin