
“Severe Erlang/OTP SSH Flaw Enables Unauthenticated Remote Code Execution”

A critical vulnerability (CVE-2025-32433) in Erlang/OTP’s SSH implementation allows unauthenticated attackers to execute arbitrary code on vulnerable systems, earning the maximum CVSS score of 10.0.

The flaw exposes high-availability systems in telecom, IoT, and distributed computing environments to full compromise.

Technical Analysis

The vulnerability stems from improper handling of SSH protocol messages, enabling attackers to send connection protocol messages before completing authentication.

This bypasses critical security checks, allowing:

```erlang
%% Simplified vulnerable code logic
%% The authentication state is never consulted before dispatching.
handle_ssh_msg(Msg, _State) ->
  case Msg of
    {ssh_cm, _, _} -> process_pre_auth_cm(Msg); % Flawed pre-auth handling
    _ -> standard_handler(Msg)
  end.
```

Researchers from Ruhr University Bochum identified that this design flaw permits remote code execution (RCE) in the SSH daemon’s context.

When the daemon runs with root privileges (common in telecom infrastructure), attackers gain full system control.
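The missing check described above can be shown as a small gate on SSH message numbers. This is an added example, not code from the article or from Erlang/OTP's ssh application; the module name `preauth_gate`, its state map and its function names are hypothetical, and the sequences in `demo/0` are constructed.

```erlang
%% Added example: hypothetical module, not Erlang/OTP's ssh application.
-module(preauth_gate).
-export([new/0, authenticated/1, handle_msg/2, demo/0]).

%% SSH message number ranges (RFC 4251, section 7):
%%   1..49 transport layer, 50..79 user authentication,
%%   80..127 connection protocol (channels, requests, forwarding).

%% Hypothetical per-connection state.
new() -> #{authenticated => false}.

%% Called by the server's own auth logic once credentials are accepted.
authenticated(State) -> State#{authenticated := true}.

%% Decide what to do with a message number received from the peer.
handle_msg(N, State) when is_integer(N), N >= 1, N =< 49 ->
    {ok, transport, State};
handle_msg(N, State) when is_integer(N), N >= 50, N =< 79 ->
    {ok, userauth, State};
handle_msg(N, #{authenticated := true} = State)
  when is_integer(N), N >= 80, N =< 127 ->
    {ok, connection, State};
handle_msg(N, State) when is_integer(N), N >= 80, N =< 127 ->
    %% Connection-protocol message before authentication: refuse it and
    %% tear the connection down instead of dispatching it.
    {disconnect, {preauth_connection_msg, N}, State};
handle_msg(N, State) ->
    {disconnect, {unexpected_msg, N}, State}.

%% Constructed sequences: 50 = USERAUTH_REQUEST, 90 = CHANNEL_OPEN,
%% 98 = CHANNEL_REQUEST. Each match fails loudly if the gate misbehaves.
demo() ->
    S0 = new(),
    {disconnect, {preauth_connection_msg, 90}, S0} = handle_msg(90, S0),
    {disconnect, {preauth_connection_msg, 98}, S0} = handle_msg(98, S0),
    {ok, userauth, S0} = handle_msg(50, S0),
    S1 = authenticated(S0),
    {ok, connection, S1} = handle_msg(90, S1),
    ok.
```

Compile with `erlc preauth_gate.erl` and call `preauth_gate:demo().` from an Erlang shell; it returns `ok` when every case behaves as commented.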

Risk Factor Analysis

| Metric | Value |
| --- | --- |
| CVSS Score | 10.0 (Critical) |
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Changed (S:C) |
| Confidentiality Impact | High (C:H) |
| Integrity Impact | High (I:H) |
| Availability Impact | High (A:H) |
| CWE-ID | CWE-306 |

Affected Systems

  • Erlang/OTP SSH servers using versions ≤25.3.2.19, ≤26.2.5.10, and ≤27.3.2
  • Cisco and Ericsson devices leveraging Erlang for high-availability services
  • Industrial control systems (ICS) and IoT devices with exposed SSH ports

Mitigation Strategies

  1. Immediate patching to:
    • OTP-25.3.2.20
    • OTP-26.2.5.11
    • OTP-27.3.3
  2. Temporary workarounds:

     ```bash
     # Block SSH port 22 access except for management IPs
     iptables -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
     iptables -A INPUT -p tcp --dport 22 -j DROP
     ```
  3. Network segmentation of Erlang-based systems from untrusted networks

Industry Response

Mayuresh Dani of Qualys warns: “This vulnerability enables threat actors to deploy ransomware or exfiltrate sensitive data from mission-critical systems”.

Ericsson’s advisory emphasizes that “all SSH implementations using Erlang/OTP are affected regardless of version”.

The Erlang/OTP team confirmed that patches eliminate the pre-authentication message handling flaw through improved state validation.

Organizations must prioritize patching given Erlang’s prevalence in telecom infrastructure and the vulnerability’s wormable potential.


The post “Severe Erlang/OTP SSH Flaw Enables Unauthenticated Remote Code Execution” appeared first on Cyber Security News.

rssfeeds-admin
