CVE-2025-32433

Published Apr 16, 2025

Last updated 2 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

Description
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Source
security-advisories@github.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Exploit added on
Jun 9, 2025
Exploit action due
Jun 30, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security-advisories@github.com
CWE-306

Social media

Hype score
Not currently trending
  1. Heads up, system administrators and security professionals! CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws, found in Erlang/OTP and Roundcube Webmail, are being actively exploited in the wild. 🚨CVE-2025-32433 CVSS 10.

    @cytexsmb

    11 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 STRIKE Threat Intel Advisory – CVE-2025-32433 🚨 SecurityScorecard’s STRIKE team is tracking active exposure of CVE-2025-32433 — a critical-severity vulnerability affecting Erlang OTP with a CVSS score of 10.0. On June 9, 2025, this vulnerability was added to CIS

    @security_score

    10 Jun 2025

    122 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-32433: Remote Code Execution in Erlang/OTP SSH Server ثغرة أمنية خطيرة في خادم Erlang/OTP SSH server، قد تتيح للمهاجم تنفيذ أوامر عن بُعد (RCE) دون مصادقة. من خلال استغلال خلل في معالجة

    @mghamdiah1

    10 Jun 2025

    87 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  4. CISA adds critical vulnerabilities CVE-2025-32433 & CVE-2024-42009 to KEV catalog—impacting Erlang/OTP SSH & Roundcube Webmail. Exploits could lead to remote commands & email theft. Federal agencies must patch promptly ⚠️ #Erlang #Firefox #US https://t.co/ZocOD9

    @TweetThreatNews

    10 Jun 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) flawين أمان مهمين تؤثران على SSH في Erlang/Open Telecom Platform وRoundcube إلى سجل الثغرات المعروف التي تم استغل

    @Cybercachear

    10 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに、Erlang/OTPのCVE-2025-32433とRoundCubeのCVE-2024-42009が追加。対処期限は通常の6/30で、ランサムウェア悪用は不知。 また、For

    @__kokumoto

    9 Jun 2025

    1104 Impressions

    0 Retweets

    6 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  7. 🛡️ We added RoundCube Webmail and Erlang/OTP vulnerabilities CVE-2024-42009 & CVE-2025-32433 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/

    @CISACyber

    9 Jun 2025

    7590 Impressions

    21 Retweets

    43 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  8. 🪵 Log # 45/100: A beginners guide to CVE-2025-32433..A thread 🧵 : Let’s break down CVE-2025-32433 in a way that makes sense, even if you’re just starting out in security. 🧠 What happened? A vulnerability was discovered in Erlang/OTP’s SSH server that lets an atta

    @ElementMerc

    4 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🪵 Log # 43/100: Weekly TryHackMe Update Over the past week, I did some rooms on TryHackMe, including: 🔹 Intro to Pipeline Automation 🔹 Mobile Acquisistion 🔻 Erlang/OTP SSH: CVE-2025-32433 🔻 The Lay of the Land 🔻 Printer Hacking 101 🔻 Enumeration https://t.c

    @ElementMerc

    2 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 💥 Thanks for joining VKB Series #2! Arthur Raout broke down CVE-2025-32433, a critical RCE in Erlang/OTP. Missed it? Watch here: https://t.co/ciaEcn17E2 #VKBSeries #CVE202532433 #P1Security https://t.co/cZSGuvHzZg

    @p1security

    29 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. お疲れ様です🫡 Cisco公式から既知の脆弱性 『CVE-2025-32433』 に対する更新が行われたため、ツリー形式で概要とワークアラウンドなどをポストします なお、今回の脆弱性のCVSSスコアは10.0でCriticalの判定が出

    @esunekk

    29 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. RCE in Erlang/OTP SSH (CVE-2025-32433) → unauthenticated remote code exec risk! Join us May 28 at 15:00 CET. 🎥 Register: https://t.co/ciaEcn1FtA #infosec https://t.co/aH2XkyWn30

    @p1security

    13 May 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 CVE-2025-32433: RCE in Erlang/OTP's SSH server. Exploitable w/o auth, PoC published April 17. Cisco products affected. Patch now! #RCE #Erlang #Cisco ➡️ https://t.co/CiQmaumsj0 https://t.co/Xf2ct6RlHR

    @leonov_av

    12 May 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    12 May 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. ペネトレーションテストツールMetasploitが大規模更新。Erlang/OTP SSHのCVE-2025-32433やSante PACS ServerのCVE-2025-2264に対応する攻撃コード、OPNSenseファイアウォールへの総当りログインスキャナ、SMB-to-HTTPリレー攻撃の追

    @__kokumoto

    12 May 2025

    5182 Impressions

    23 Retweets

    89 Likes

    46 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    11 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    10 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. ثغرة #RCE CVE-2025-32433 في خادم Erlang/OTP #SSH! تهديد باكتساب امتيازات الجذر والاستيلاء على النظام دون مصادقة. ☑️استبيان الخادم: ”SSH-2.0-Erlang“ ☑️الاصدار المعدل: OTP 27.3.3.3

    @CriminalIP_AR

    9 May 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-32433, Erlang/OTP #SSH 서버 #RCE 취약점! 인증 없이 루트 권한 탈취 및 시스템 장악의 위협에 노출될 수 있습니다. ☑️SSH 서버 탐색 쿼리: “SSH-2.0-Erlang” ☑️패치 버전: OTP 27.3.3 / 26.2.5.11 / 25.3.2.20 이상 취약한 S

    @CriminalIP_KR

    9 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    8 May 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. 🚨#CVE-2025-32433 Alert! Erlang/OTP #SSH servers may allow unauthenticated root access😬 ☑️ https://t.co/JaUDfGyEMe Query: “SSH-2.0-Erlang” ☑️ Patch now: OTP 27.3.3 / 26.2.5.11 / 25.3.2.20 + Don't let them in. Lock it down. 👉https://t.co/jmzTiZUgjg https://t.c

    @CriminalIP_US

    8 May 2025

    168 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. 🚨CVE-2025-32433💣 MD5 c3254c8882483b5934ea8c6c0857fb4e 2a049cf0d370d9501b5844767b431265 c048c45cc4dff2ce5e808db0eae98a6d 870ba614a3e150339f7dc3ae92fdd530 c440f6d24989de4b92f9d9cf3bc5ae6a 184.27.218.92 123.45.67.89 #infosec #security #CVE #exploit #malware #OSINT #ransomwa

    @RakeshKrish12

    7 May 2025

    1247 Impressions

    5 Retweets

    21 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. ''How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed'' #infosec #pentest #redteam #blueteam https://t.co/0Gfyjc9p01

    @CyberWarship

    6 May 2025

    1724 Impressions

    5 Retweets

    16 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    6 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    5 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    5 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Erlang/OTP SSH の深刻な脆弱性 CVE-2025-32433:PoC がリリース https://t.co/df4AsLkjqW Erlang/OTP SSH の脆弱性 CVE-2025-32433 ですが、PoC がリリースされたとのことです。OTP は Open Telecom Platform

    @iototsecnews

    5 May 2025

    117 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. AIがCVEを数時間でエクスプロイトに変換:CVE-2025-32433の事例 | Codebook|Security News https://t.co/yYBjXsvhH1

    @fd0

    4 May 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2024-26809 3 - CVE-2025-46337 4 - CVE-2025-26529 5 - CVE-2025-32433 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    4 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 PoC CVE-2025-32433: RCE en Erlang/OTP SSH 🔍 Una vulnerabilidad crítica en el servidor SSH de Erlang/OTP permite ejecución remota de código sin autenticación. Afecta versiones anteriores a OTP-27.3.3, 26.2.5.11 y 25.3.2.20. https://t.co/E9CaZo5oB1

    @tpx_Security

    3 May 2025

    101 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 CVSS 10.0 ALERT: Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433) No auth. Full control. Widespread impact. Used in Cisco, Ericsson, OT/IoT, and edge systems, this bug lets attackers run code without logging in. If SSH runs as root? Game over. 👀 https://t.co/wX

    @achi_tech

    2 May 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨PoC CVE-2025-32433: Critical Erlang/OTP SSH RCE Vulnerability Credit: https://t.co/PzeVH94Dh5 https://t.co/t0pVzUzlBI

    @DarkWebInformer

    2 May 2025

    8527 Impressions

    13 Retweets

    66 Likes

    30 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 CVE-2025-32433 - Vulnerabilidad Crítica de Ejecución Remota de Código en el Servidor SSH de Erlang/OTP 🚨 🔴 Nivel de Urgencia: Crítico https://t.co/q71tzF84U2

    @BanCERT_gt

    2 May 2025

    17 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    29 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. 🚨 AI used to create a working exploit for CVE-2025-32433 [https://t.co/c8PsvnLJWh]. With AI’s rapid evolution in coding, this is just the start. Automate patch management or your security will be outdated by 2025. #AI #CyberSecurity

    @Cuore_talen

    29 Apr 2025

    41 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. People are using AI to create working exploits before a public PoC is available 🔥 Case in point: CVE-2025-32433 exploit by Matthew Keeley https://t.co/vrEPxbNjtu #bugbountytips #cybersecurity https://t.co/gZKfd502Nm

    @payloadartist

    29 Apr 2025

    5408 Impressions

    19 Retweets

    111 Likes

    54 Bookmarks

    2 Replies

    0 Quotes

  37. 🚨 CVE-2025-32433: Erlang/OTP SSH servers can be hijacked remotely! 🔓 Unauthenticated RCE | AI-generated PoCs in hours 🛠 Patch OTP-27.3.3/26.2.5.11/25.3.2.20 NOW 🔗 Details: https://t.co/wycqaGQQ7g #Security https://t.co/kFAXJqzQGN

    @Cezar_H_Linux

    29 Apr 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 📌 Cisco investigates critical CVE-2025-32433 vulnerability in Erlang/OTP affecting ConfD, NSO, Smart PHY, Intelligent Node Manager, and Ultra Cloud Core. #CyberSecurity #Cisco https://t.co/9hr7E7zSct https://t.co/CePLxnkcCd

    @CyberHub_blog

    29 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    28 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. A critical RCE vulnerability, CVE-2025-32433, has been discovered in Cisco products using Erlang/OTP's SSH server, posing severe risks to enterprise networks and telecom systems. With a CVSS score of 10.0, the flaw allows attackers to execute arbitrary code without authenticat...

    @CybrPulse

    26 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Crazy CVE-2025-32433 unauth RCE patch that junk or rip https://t.co/hao55KnfJO

    @0xnorbit44133

    25 Apr 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. The AI arms race in cybersecurity is escalating 🚨 Generative AI (like GPT-4 & Google’s LLMs) now accelerates exploit development—turning vulnerabilities into weaponized code within *hours*. Case in point: CVE-2025-32433 in Erlang’s SSH library was reverse-engineer

    @ArmanMkhit35108

    25 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. シスコ、一部製品が重大なErlang/OTPの欠陥に影響を受けていることを確認(CVE-2025-32433) https://t.co/8bFCFvQ6qP #Security #セキュリティ #ニュース

    @SecureShield_

    25 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Actively exploited CVE : CVE-2025-32433

    @transilienceai

    25 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. 🚨 Cisco Confirms Exposure to Critical RCE Bug CVE-2025-32433 in Erlang/OTP SSH affects Cisco products like ConfD & NSO. Exploitable, public PoC out, patches coming May. Cisco says configs prevent RCE—but eyes on OT/IoT risk. https://t.co/xBSWokDpAK #CyberSecurity #Cisco #

    @dCypherIO

    24 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. NVD - CVE-2025-32433 - Fixed in OTP 27.3.3, OTP 26.2.5.11, and OTP 25.3.2.20 https://t.co/MM7ILs3PCh Discussions: https://t.co/fthBgVKz0w #erlang #programming

    @ErlangDiscu

    24 Apr 2025

    138 Impressions

    2 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability https://t.co/07SAy6wF62 https://t.co/ApDa07Sdpf

    @IT_Peurico

    24 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. YouTube video walk through for TryHackMe room Erlang/OTP SSH: CVE-2025-32433 Link in first comment: ⤵️⤵️⤵️🦜🦜 https://t.co/5YHLYTxIJx

    @DjalilAyed

    24 Apr 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. Cisco confirms: ConfD, NSO, Smart PHY & more hit by CVE-2025-32433. No RCE risk yet, but PoC exploit is out. Erlang-based systems across network & industrial gear now under the spotlight. Details: https://t.co/3dbVIeCtwb

    @TheHackersNews

    24 Apr 2025

    8608 Impressions

    33 Retweets

    50 Likes

    14 Bookmarks

    0 Replies

    2 Quotes

  50. Based on publicly-available information, the following applications are known to utilize Erlang OTP, which may suggest that they are vulnerable to CVE-2025-32433. #EndCyberRisk https://t.co/LJGJXfwMes

    @de_do20

    24 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations