Serious vulnerability exposes systems to unauthenticated remote code execution.
A critical security flaw, tracked as CVE-2025-32433, has been uncovered in the Erlang/OTP SSH server implementation. It allows unauthenticated remote code execution on vulnerable systems and affects versions prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. Attackers exploit improper handling of SSH protocol messages before authentication completes. The flaw carries the maximum CVSS score of 10.
Since the vulnerability’s disclosure in mid-April 2025, exploitation attempts have surged worldwide. Security researchers observed frequent targeting of industrial and operational technology (OT) networks. Monitoring data from Cortex Xpanse shows a significant uptick from May 2025. Approximately 70 percent of detection events originated from firewalls protecting OT networks. The industries most impacted include healthcare, agriculture, and high technology. Many vulnerable services are exposed on nonstandard ports, including TCP 2222.
The risk is particularly high when the Erlang/OTP SSH daemon runs with elevated privileges. Successful exploitation without credentials can result in complete system takeover. The existence of a public proof-of-concept exploit increases the risk of widespread attacks. Mitigation is urgently advised.
The issue has been patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the Erlang/OTP SSH server or restricting its access via firewall controls. Cybersecurity teams are advised to review exposed services and patch affected systems immediately.
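For teams reviewing an inventory, the fixed releases above can be turned into a per-branch version check. The following is an added example, not code from the Erlang/OTP project or from the original article; the host names and sample versions are constructed, and treating releases newer than the 27 branch as patched is an assumption drawn from the article's "versions prior to" wording. It checks the OTP release version only.

```python
import re

# Fixed releases named in the article, keyed by OTP major version.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Parse 'OTP-26.2.5.11' or '26.2.5.11' (e.g. OTP_VERSION file content)."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    try:
        version = parse_otp_version(version_text)
    except ValueError:
        return "unknown"  # e.g. release candidates; needs manual review
    major = version[0]
    if major > max(FIXED):
        # Assumption: the article lists only versions prior to the fixes as affected.
        return "patched"
    if major not in FIXED:
        # Older branch: prior to every fixed release, and no fix is named for it.
        return "vulnerable"
    # Tuple comparison handles differing lengths: (26, 2, 5) < (26, 2, 5, 11).
    return "vulnerable" if version < FIXED[major] else "patched"

def triage(inventory):
    """Map each host in {host: version string} to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = {
    "ot-gw-01": "OTP-26.2.5.10",
    "ot-gw-02": "OTP-26.2.5.11",
    "lab-node": "25.3.2.19",
    "legacy-01": "24.3.4.17",
    "build-01": "27.0-rc1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:15} {status}")
```

Hosts reported as vulnerable or unknown are the ones to patch first or to place behind the firewall restriction described above.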
In conclusion, CVE-2025-32433 represents a highly critical threat in widely used systems. The rapid increase in exploitation attempts underscores the severe nature of the flaw. Organizations using Erlang/OTP must apply patches and reassess exposure without delay. This incident serves as a reminder that crucial infrastructure software must be continuously monitored for emerging threats.



