Summary: A critical vulnerability (CVE-2025-32433) in the Erlang/OTP SSH daemon allows for unauthenticated remote code execution on affected devices, posing a significant security risk. This vulnerability, discovered by researchers at Ruhr University Bochum, has been assigned a maximum severity score of 10.0. Organizations are urged to upgrade to the latest software versions to mitigate the risk of exploitation.
Affected: Erlang/OTP SSH daemon
Key points:
- Vulnerability allows unauthenticated remote code execution.
- Discovered by researchers from Ruhr University Bochum and rated 10.0 for severity.
- Immediate upgrade to version 25.3.2.10 or 26.2.4 is advised to mitigate the risk.
- Commands executed via the vulnerability inherit the SSH daemon’s privileges, often root.
- Organizations should consider restricting SSH access or disabling the daemon for critical systems.
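To act on the upgrade guidance above, here is an added example (not from the advisory or the Erlang/OTP project) that checks an OTP version string against the two fixed releases named here, 25.3.2.10 and 26.2.4, and triages an inventory; it assumes only those two release lines are known from the advisory and reports any other major version as unknown rather than guessing.

```python
"""Branch-aware check of Erlang/OTP version strings against the fixed
releases the advisory names for CVE-2025-32433 (25.3.2.10 and 26.2.4)."""
from typing import Dict, Iterable, List, Optional, Tuple

# Fixed release per OTP line, as given in the advisory. Assumption: any
# other major version is reported as unknown, not as patched or vulnerable.
FIXED_BY_MAJOR = {25: (25, 3, 2, 10), 26: (26, 2, 4)}


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn an OTP version string such as '26.2.3' into a tuple of ints.
    OTP versions are dotted integers of varying length (e.g. 25.3.2.9)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an OTP version string: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    # Shorter tuples compare as if padded with zeros (26.3 == 26.3.0).
    return v + (0,) * (n - len(v))


def is_patched(version: str) -> Optional[bool]:
    """True if at/above the fixed release for its line, False if older,
    None if the advisory gives no fixed release for that major version."""
    v = parse_otp_version(version)
    fixed = FIXED_BY_MAJOR.get(v[0])
    if fixed is None:
        return None
    n = max(len(v), len(fixed))
    return _padded(v, n) >= _padded(fixed, n)


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Sort (host, version) pairs into patched / vulnerable / unknown buckets."""
    buckets: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host, ver in inventory:
        state = is_patched(ver)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory; the host names are placeholders.
    sample = [("build-1", "25.3.2.9"), ("build-2", "25.3.2.10"),
              ("edge-1", "26.2.3"), ("edge-2", "26.3"), ("lab-1", "27.0")]
    print(triage(sample))
```

Feed it the OTP version string of each host (for example the contents of the release's OTP_VERSION file) to get a quick patched/vulnerable split for the two release lines the advisory covers.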