PT-2025-16905 · Ericsson+7 · Erlang/Otp+7
Lambdafu +1 · Published 2025-04-16 · Updated 2026-05-08 · CVE-2025-32433
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Erlang/OTP versions prior to 27.3.3
Erlang/OTP versions prior to 26.2.5.11
Erlang/OTP versions prior to 25.3.2.20
Description
A critical flaw in the SSH server implementation of Erlang/OTP allows an unauthenticated remote attacker to achieve remote code execution (RCE). The issue stems from incorrect handling of the SSH protocol state: the server does not check whether the authentication stage has completed and may process CHANNEL_OPEN and exec messages before authentication has finished. By sending specially crafted SSH packets, an attacker can execute arbitrary commands, potentially leading to full system compromise, especially if the SSH daemon runs with root privileges.
Approximately 600,000 IP addresses are estimated to be running Erlang/OTP, with significant exposure in telecom infrastructure, databases, and operational technology (OT) networks. Real-world exploitation has been observed, particularly against OT environments in the US, Brazil, France, Japan, and other regions. Attackers have used reverse shells and DNS callbacks to establish unauthorized access and move laterally within corporate networks to reach critical infrastructure.
Recommendations
Update to version 27.3.3 or later.
Update to version 26.2.5.11 or later.
Update to version 25.3.2.20 or later.
As a temporary workaround, disable the Erlang/OTP SSH server or restrict network access to its listening port using firewall rules.
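The branch-aware version check below is an added example, not part of this advisory or of the Erlang/OTP project: it compares a reported OTP version string against the three fixed releases named above and flags hosts that still need the update. The host inventory is constructed sample data, and the OTP_VERSION file path in the comment is where a standard OTP install records its full version.

```python
"""Check reported Erlang/OTP versions against the fixed releases
named in this advisory (25.3.2.20, 26.2.5.11, 27.3.3)."""
from __future__ import annotations
import re
from typing import Optional

# First fixed release on each branch, as stated in the advisory.
FIXED_BY_BRANCH = {
    25: (25, 3, 2, 20),
    26: (26, 2, 5, 11),
    27: (27, 3, 3),
}

# Accepts "27.3.2", "OTP-26.2.5.3" or "OTP 25.3"; trailing text is ignored.
_VERSION_RE = re.compile(r"^(?:OTP[- ]?)?(\d+(?:\.\d+)*)")


def parse_otp_version(text: str) -> tuple[int, ...]:
    """Turn a version string into a tuple of ints for ordered comparison."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text: str) -> Optional[bool]:
    """True if the version precedes the fix on its branch, False if it
    includes the fix, None if the branch is not covered by the advisory."""
    version = parse_otp_version(text)
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is None:
        return None  # e.g. OTP 24 or 28: this advisory says nothing about them
    # Tuple ordering treats 26.2.5 as older than 26.2.5.11, which is intended.
    return version < fixed


def affected_hosts(inventory: dict[str, str]) -> list[str]:
    """Sorted names of hosts whose reported version still needs the update."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host -> version string reported by that host).
# On a real node the full version is in $ERL_ROOT/releases/<major>/OTP_VERSION.
SAMPLE_INVENTORY = {
    "sbc-01": "OTP-27.3.2",
    "sbc-02": "27.3.3",
    "hss-db": "26.2.5",
    "plc-gw": "25.3.2.20",
    "legacy": "24.3.4",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:8} {ver:12} affected={is_affected(ver)}")
```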

Exploit

Fix

LPE

RCE

DoS

Missing Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2025-6176
ALT-PU-2025-6402
AZL-60441
AZL-60583
BDU:2025-04706
CVE-2025-32433
DLA-4132-1
DSA-5906-1
ERLANG_CVE_2025_32433
GHSA-37CP-FGQ5-7WC2
OESA-2025-1461
OPENSUSE-SU-2025_1356-1
OPENSUSE-SU-2025_1357-1
SUSE-SU-2025:1356-1
SUSE-SU-2025:1357-1
SUSE-SU-2025_1356-1
SUSE-SU-2025_1357-1
USN-7443-1
USN-7443-2
USN-7443-3

Affected Products

Alt Linux
Astra Linux
Debian
Erlang/Otp
Linuxmint
Red Os
Suse
Ubuntu