Summary: A critical vulnerability, CVE-2025-32433, has been found in the SSH implementation of Erlang/Open Telecom Platform (OTP). It lets an unauthenticated attacker execute arbitrary code on the SSH server; depending on how the daemon is deployed, this can expose sensitive data or cause denial of service (DoS), and if the SSH daemon runs with root privileges the attacker gains full control of the host. Users are urged to upgrade to the patched versions or, as a temporary measure, restrict access with firewall rules.
Affected: Erlang/Open Telecom Platform (OTP) SSH servers
Key points:
- Vulnerability CVE-2025-32433 has a maximum CVSS score of 10.0.
- Attackers with network access can execute arbitrary code without authentication.
- The issue arises from improper handling of SSH protocol messages received before authentication has completed.
- If the SSH daemon runs as root, attackers gain full control of the device.
- Users should upgrade to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20 to mitigate the risk.
- Firewall rules are recommended as a temporary workaround to restrict access.
- Erlang is widely used in high-availability systems, including many Cisco and Ericsson devices.
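A practical follow-up to the upgrade advice is an inventory check: given the OTP version strings reported by your hosts, decide which ones are still below the fixed releases named above. The script below is an added example written for this summary, not code from the article or from the Erlang/OTP project. It assumes version strings in the form "OTP-26.2.5.11" or "26.2.5.11" (the latter is the format of the OTP_VERSION file in an OTP installation), and it only knows the three fixed versions the advisory lists; a host on any other release branch is reported as "unknown" rather than guessed.

```python
"""Classify Erlang/OTP version strings against the CVE-2025-32433 fixed releases.

Added example for this advisory summary; not code from the article or the
Erlang/OTP project. The fixed versions are the three the advisory names:
OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20.
"""
import re
from typing import Dict, Tuple

# Minimum fixed version per release branch, taken from the advisory.
PATCHED: Dict[int, Tuple[int, ...]] = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Accepts "OTP-27.3.3" or "27.3.3" (assumption: the formats hosts report).
_VERSION_RE = re.compile(r"^(?:OTP-)?(\d+(?:\.\d+)*)$")


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn 'OTP-26.2.5.11' or '26.2.5.11' into the tuple (26, 2, 5, 11)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not an OTP version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def cve_2025_32433_status(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    Tuple comparison treats a missing trailing component as lower, so
    (26, 2, 5) < (26, 2, 5, 11) is vulnerable and (26, 2, 5, 11) itself is patched.
    Branches the advisory does not cover (e.g. OTP 24, or releases newer than
    27) are reported as 'unknown' so that nobody is silently marked safe.
    """
    version = parse_otp_version(text)
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> status for a {host: version_string} inventory."""
    return {host: cve_2025_32433_status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "host-a": "OTP-27.3.2",
        "host-b": "26.2.5.11",
        "host-c": "25.3.2.19",
        "host-d": "24.3.4.17",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Feed it the version strings collected from your Erlang-based systems (including embedded ones, where the runtime may be bundled inside a vendor image) and upgrade or firewall anything that comes back as "vulnerable"; treat "unknown" as a prompt to check the vendor's own advisory rather than as a clean result.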
Source: https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html