Critical Erlang/OTP SSH Pre-Auth RCE Is ‘Surprisingly Easy’ to Exploit, Patch Now

Summary:
CVE-2025-32433 is a newly disclosed critical vulnerability in the Erlang/OTP SSH application that enables unauthenticated remote code execution, posing a serious risk to any system running the affected software. Assigned a perfect CVSS score of 10.0, the flaw was discovered by researchers Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk from Ruhr University Bochum in Germany. The issue arises from how the SSH daemon included in Erlang/OTP processes protocol messages during the connection phase, specifically before authentication. Attackers can exploit this improper handling by sending crafted SSH protocol messages prior to authentication, allowing them to execute arbitrary code.

Because the SSH daemon often runs with elevated privileges—typically as root—the impact of successful exploitation is system-wide compromise. The Erlang/OTP platform is commonly used in telecom infrastructure, distributed systems, and other high-availability environments due to its fault tolerance and concurrency capabilities, which broadens the potential attack surface across critical sectors.

Security Officer Comments:
Security researchers from Horizon3’s Attack Team confirmed they were able to reproduce the exploit quickly and developed a working proof-of-concept (PoC) that demonstrated the ability to write files to disk as root on a vulnerable system. They warned that public PoCs are likely to emerge soon, heightening the urgency for organizations to patch immediately.


Suggested Corrections:
To remediate the issue, users should upgrade to Erlang/OTP versions 25.3.2.10 or 26.2.4, which contain the security fix. For systems that cannot be updated quickly—such as embedded devices, telecom systems, or industrial control systems—administrators are strongly encouraged to restrict SSH access to only trusted IP addresses or disable the SSH daemon altogether if it's not essential. Failure to act promptly could result in widespread exploitation, especially once automated scanning and exploitation tools begin targeting this vulnerability.

Link(s):
https://www.bleepingcomputer.com/ne...ce-is-surprisingly-easy-to-exploit-patch-now/