Summary: A critical SSH vulnerability in Erlang/OTP, tracked as CVE-2025-32433, allows unauthenticated attackers to execute remote code on affected devices. This flaw is particularly concerning due to the prevalence of Erlang/OTP in telecom infrastructure and databases, with public exploits already available. Immediate upgrades to versions 25.3.2.10 and 26.2.4 are urged to mitigate the risks posed by this vulnerability.
Affected: Erlang/OTP
Keypoints :
- Public exploits for CVE-2025-32433 allow remote code execution.
- Flaw is caused by improper SSH protocol message handling prior to authentication.
- Over 600,000 IP addresses potentially at risk, primarily running CouchDB instances.
- Cybersecurity researchers have confirmed the simplicity of exploiting the vulnerability.
- Immediate upgrades are highly recommended due to the urgent nature of the threat.