PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability

A critical remote code execution vulnerability in Erlang/OTP’s SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit.

The vulnerability, tracked as CVE-2025-32433 and assigned the maximum possible CVSS score of 10.0, allows attackers to execute arbitrary code without authentication, potentially leading to complete system compromise.

A team of security researchers publicly disclosed the vulnerability in April 2025. The flaw exists in the SSH protocol message handling mechanism, enabling attackers to send connection protocol messages before authentication is completed.

The issue is caused by a flaw in the SSH protocol message handling, allowing an attacker to send connection protocol messages prior to authentication. This vulnerability affects all versions of Erlang/OTP running an SSH server component, regardless of the underlying version.

Security researchers at Horizon3’s Attack Team have already reproduced the vulnerability and developed a proof-of-concept exploit. In a concerning development, they described the vulnerability as “surprisingly easy” to exploit.

Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit, surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action, Horizon3 posted to social media.

The ease of exploitation has raised alarms among security professionals, with concerns that widespread attacks could emerge rapidly once public exploits become available.

An anonymous security researcher has released proof-of-concept code for CVE-2025-32433 on Pastebin.

This vulnerability is particularly dangerous because Erlang is widely deployed in critical infrastructure, including telecom equipment from major vendors, as well as IoT and operational technology (OT) environments.

Security experts have described the vulnerability as “extremely critical” and warned that it could allow threat actors to perform actions such as installing ransomware or stealing sensitive data.

Any commands executed through exploitation will run with the same privileges as the SSH daemon. Since these daemons commonly run as root, successful attacks could result in complete system takeover.

Mitigation Steps

The Erlang/OTP team has released patches for affected versions. Organizations should immediately upgrade to the following patched versions:

• OTP-27.3.3 (for systems running OTP-27.x)
• OTP-26.2.5.11 (for systems running OTP-26.x)
• OTP-25.3.2.20 (for systems running OTP-25.x)

For systems that cannot be immediately updated, security experts recommend implementing workarounds such as:

• Restricting access to SSH ports using firewall rules
• Disabling the Erlang/OTP SSH server if it’s not essential
• Limiting SSH access to trusted IP addresses only

This vulnerability allows malicious actors with network access to hosts running an Erlang/OTP SSH server to execute unauthenticated remote code. The severity of the vulnerability and the confirmation of working exploits make immediate action essential.

Organizations are urged to identify all systems running Erlang/OTP SSH services and prioritize patching.

With confirmation that the vulnerability is easily exploitable and the likelihood of public exploits appearing imminently, the window for remediation is rapidly closing for organizations with vulnerable systems exposed.

Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy

The post PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability appeared first on Cyber Security News.