PT-2025-16905 · Ericsson +7 · Erlang/Otp +7

Lambdafu +1 · Published 2025-04-16 · Updated 2026-02-17 · CVE-2025-32433

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Erlang versions prior to 27.3.3
Erlang versions prior to 26.2.5.11
Erlang versions prior to 25.3.2.20
Erlang versions 1:22.2.7+dfsg-1ubuntu0.5
Erlang versions 24.3.4.13-alt2
Erlang versions 26.2.5.11-alt1

Description

Erlang OTP's SSH module incorrectly handles authentication, allowing a remote attacker to execute arbitrary commands without authentication, potentially leading to a system compromise. The vulnerability exists due to a flaw in SSH protocol message handling.

Recommendations

Update Erlang to version 27.3.3 or later.
Update Erlang to version 26.2.5.11 or later.
Update Erlang to version 25.3.2.20 or later.
Update Erlang to version 1:27.3+dfsg-1ubuntu1.1.
Update Erlang to version 24.3.4.13-alt2.
Update Erlang to version 26.2.5.11-alt1.

Exploit · Fix · LPE · RCE · DoS · Missing Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2025-15942
ALT-PU-2025-6176
ALT-PU-2025-6402
BDU:2025-04706
CVE-2025-32433
DLA-4132-1
DSA-5906-1
ERLANG_CVE_2025_32433
GHSA-37CP-FGQ5-7WC2
OESA-2025-1461
OPENSUSE-SU-2025_1356-1
OPENSUSE-SU-2025_1357-1
SUSE-SU-2025:1356-1
SUSE-SU-2025:1357-1
SUSE-SU-2025_1356-1
SUSE-SU-2025_1357-1
USN-7443-1
USN-7443-2
USN-7443-3

Affected Products

Alt Linux
Astra Linux
Debian
Erlang/Otp
Linuxmint
Red Os
Suse
Ubuntu