PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability

Summary: A critical remote code execution vulnerability (CVE-2025-32433) in Erlang/OTP’s SSH implementation has been identified, allowing unauthenticated attackers to execute arbitrary code on affected systems. With a CVSS score of 10.0, this flaw poses a significant risk, particularly for servers operating under root privileges. Administrators are urged to patch immediately to mitigate the risks of exploitation following the release of a proof-of-concept.

Affected: Erlang/OTP and its associated systems

Key points:

  • The vulnerability allows attackers to bypass authentication and execute arbitrary code.
  • All versions before OTP-27.3.3, 26.2.5.11, and 25.3.2.20 are affected.
  • Immediate action includes upgrading to patched versions and auditing systems for unusual activity.
  • Temporary workarounds involve disabling SSH or limiting access to trusted IPs if patching cannot be done immediately.
  • Cybersecurity agencies recommend prioritizing remediation due to the public availability of the proof-of-concept.
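The first remediation step above is knowing which installed releases fall below the fixed versions the advisory names. The script below is an added example (not from the advisory, gbhackers, or the Erlang/OTP project) that compares an OTP version string against those three thresholds using ordered tuple comparison; it assumes the input is the OTP release version (for instance the contents of the `OTP_VERSION` file in the release directory), not the `erts` version printed in the `erl` banner, and it deliberately reports "unknown" for release lines the advisory does not list.

```python
#!/usr/bin/env python3
"""Check Erlang/OTP version strings against the first fixed releases for
CVE-2025-32433 given in the advisory: OTP-27.3.3, 26.2.5.11 and 25.3.2.20.

Added example, not code from the advisory or the Erlang/OTP project.
Input must be the OTP release version (e.g. the OTP_VERSION file under
the release directory), not the erts version shown in the erl banner.
"""
import re
import sys
from typing import Optional, Tuple

# First fixed release per maintained line, taken from the advisory text.
FIXED_VERSIONS = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'OTP-26.2.5.10', '26.2.5.10' or 'OTP 26.2.5' into a tuple of ints.

    A shorter tuple such as (26, 2, 5) compares lower than (26, 2, 5, 11),
    which matches how OTP patch releases are ordered.
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text: str) -> Optional[bool]:
    """True if the version predates the fix for its release line, False if it
    is at or past the fix, None for lines the advisory does not cover.

    Assumption: lines older than 25 or newer than 27 are not judged here,
    because the advisory only names fixes for 25, 26 and 27.
    """
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None
    return version < fixed


def report(text: str) -> str:
    """One-word verdict suitable for a fleet inventory or a shell pipeline."""
    verdict = is_affected(text)
    if verdict is None:
        return "UNKNOWN"
    return "AFFECTED" if verdict else "FIXED"


if __name__ == "__main__":
    # Usage: check_otp.py 26.2.5.10 OTP-27.3.3 ...   (or pipe versions on stdin)
    inputs = sys.argv[1:] or [line.strip() for line in sys.stdin if line.strip()]
    for item in inputs:
        print(f"{item}\t{report(item)}")
```

Run it once per host with the version each host reports and treat every AFFECTED or UNKNOWN line as needing either the upgrade or one of the interim measures (disabling the SSH application or restricting it to trusted addresses) until the patched release is in place.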

Source: https://gbhackers.com/poc-released-for-erlang-otp-rce-vulnerability/