
The Erlang/Open Telecom Platform (OTP) SSH implementation contains a critical security vulnerability that allows an attacker to gain access without performing any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, carries the maximum CVSS score of 10.0.
“The vulnerability allows attackers with network access to Erlang/OTP SSH servers to execute arbitrary code without prior authentication,” said Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk, researchers at Ruhr University Bochum.

The issue is caused by improper handling of SSH protocol messages: the server accepts connection protocol messages from a client before authentication has completed. Successful exploitation of the flaw can result in arbitrary code execution in the context of the SSH daemon.
The risk is compounded when the daemon process runs as root, because the attacker then gains complete control of the device, opening the way to unauthorized access, manipulation of sensitive data, or denial of service (DoS).
All users running an SSH server based on the Erlang/OTP SSH library may be affected by CVE-2025-32433. Updating to versions OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20 is recommended. As a temporary workaround, appropriate firewall rules can be used to prevent access to vulnerable SSH servers.
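As an added illustration (not code from Erlang/OTP or from the researchers), the following Python models the authentication-state gate that a hardened SSH server must apply to inbound messages, and replays a constructed session trace to flag connection protocol messages that arrive before authentication. The message numbers come from RFC 4250; the class, function names and sample traces are assumptions made for this example.

```python
from typing import Iterable, List, Tuple

# Message numbers and ranges from RFC 4250, section 4.1.2.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
CONNECTION_PROTOCOL_RANGE = range(80, 128)  # generic (80-89) and channel (90-127) messages


class SshServerGate:
    """Tracks whether user authentication has completed and gates inbound dispatch
    (hypothetical model; the flaw above is that this state was not checked)."""

    def __init__(self) -> None:
        self.authenticated = False

    def mark_authenticated(self) -> None:
        """Called by the server's auth logic once it has sent SSH_MSG_USERAUTH_SUCCESS."""
        self.authenticated = True

    def may_dispatch(self, msg_type: int) -> bool:
        """Return True only if this inbound message is legal in the current phase."""
        return self.authenticated or msg_type not in CONNECTION_PROTOCOL_RANGE


def audit_trace(trace: Iterable[Tuple[str, int]]) -> List[int]:
    """Detection helper: replay a (direction, msg_type) trace of one SSH session and
    return the client message numbers that belong to the connection protocol but
    arrived before the server sent SSH_MSG_USERAUTH_SUCCESS."""
    gate = SshServerGate()
    flagged: List[int] = []
    for direction, msg_type in trace:
        if direction == "S" and msg_type == SSH_MSG_USERAUTH_SUCCESS:
            gate.mark_authenticated()
        elif direction == "C" and not gate.may_dispatch(msg_type):
            flagged.append(msg_type)
    return flagged


# Constructed sample traces (not captured traffic): a normal session and an anomalous one.
NORMAL_SESSION = [("C", SSH_MSG_SERVICE_REQUEST), ("C", SSH_MSG_USERAUTH_REQUEST),
                  ("S", SSH_MSG_USERAUTH_SUCCESS), ("C", SSH_MSG_CHANNEL_OPEN),
                  ("C", SSH_MSG_CHANNEL_REQUEST)]
PREAUTH_SESSION = [("C", SSH_MSG_SERVICE_REQUEST), ("C", SSH_MSG_CHANNEL_OPEN),
                   ("C", SSH_MSG_CHANNEL_REQUEST)]

if __name__ == "__main__":
    print("normal:", audit_trace(NORMAL_SESSION))      # []
    print("anomalous:", audit_trace(PREAUTH_SESSION))  # [90, 98]
```

The same replay logic can be run over message-type sequences extracted from a packet capture to spot sessions that reached the connection protocol without an authentication success.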
In a statement shared with The Hacker News, Mayuresh Dani, security research manager at Qualys, described the vulnerability as extremely serious, noting that threat actors could use it to take actions such as installing ransomware and siphoning sensitive data.

“Erlang is often installed in highly available systems for robust and simultaneous support,” Dani said. “The majority of Cisco and Ericsson devices are running Erlang.”
“Services that use Erlang/OTP SSH libraries for remote access, such as those used in OT/IoT devices, are susceptible to exploitation of edge computing devices.”