Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw

Summary: Cisco is investigating the impact of the recently disclosed Erlang/OTP vulnerability (CVE-2025-32433), a critical flaw that allows remote code execution and affects multiple products. The vulnerability, discovered by researchers, poses significant risks, including unauthorized access and data manipulation. Several Cisco products, as well as products from other vendors that use Erlang, are confirmed to be affected.

Affected: Cisco and other organizations using Erlang/OTP

Key points:

  • Critical remote code execution vulnerability (CVE-2025-32433) found in Erlang/OTP’s SSH implementation.
  • Easy exploitation reported, with proof-of-concept details made public shortly after the disclosure.
  • Cisco has confirmed several of its products are affected but has noted that some, like ConfD and NSO, are not vulnerable to remote code execution due to configuration.
  • Patches are expected to be released for affected products in May.

Source: https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/