Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw
Summary:
Last week, a critical vulnerability, CVE-2025-32433, was identified in the SSH implementation of Erlang/OTP, a framework crucial for building high-availability real-time systems in critical verticals like banking and communications. This flaw allows unauthenticated attackers to gain initial access and execute arbitrary code, leading to full compromise of hosts, data breaches and data manipulation, and denial-of-service attacks. Patches are available in Erlang/OTP versions 27.3.3, 26.2.5.11, and 25.3.2.20 that mitigate CVE-2025-32433; all earlier versions remain vulnerable. The rapid release of proof-of-concept exploits and technical details from the cybersecurity community underscores the ease of exploitation. Cisco has acknowledged in an advisory that several of its products, including ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core, are affected, though ConfD and NSO are not susceptible to remote code execution due to their configurations, but continues to investigate its impact against their products. Other vendors, including Ericsson, National Instruments, and Broadcom, also utilize Erlang/OTP, potentially increasing the scope of impact. Cisco estimated in 2018 that 90% of internet traffic went through Erlang-controlled nodes. As of now, there are no public reports of in-the-wild exploitation.
Security Officer Comments:
The discovery of CVE-2025-32433 poses a severe threat to organizations relying on third-party software products from Ericsson, Cisco, Broadcom, and National Instruments technologies, especially in critical infrastructure sectors. The vulnerability's critical severity, combined with the swift availability of exploit code, creates an opportunity for attackers to exploit unpatched systems. While Cisco has identified affected products and is continuing to work on patches, the widespread use of Erlang/OTP across various vendors and devices necessitates a broad and immediate response. Organizations must prioritize patching vulnerable systems, conduct thorough assessments to identify all instances of Erlang/OTP, and implement compensating controls, such as network segmentation and access restrictions, to mitigate the risk. The fact that Cisco estimates 90% of internet traffic goes through Erlang-controlled nodes should be cause for concern. Continuous monitoring for exploitation attempts and collaboration within the cybersecurity community are essential to effectively address this threat and prevent potentially widespread damage.
Suggested Corrections:
Arctic Wolf recommends that customers upgrade to the latest fixed version. As a temporary workaround for users unable to immediately upgrade to a fixed version, Erlang recommends disabling the SSH server or restricting access using firewall rules. While fixes for Erlang/OTP SSH are now available, the security patch is not automatically applied to software products that use Erlang/OTP SSH. The best method for remediating these vulnerabilities in third-party software products is to apply the official security updates from the vendor of each affected software product. Arctic Wolf recommends monitoring software vendor advisories for security updates and applying the available security updates promptly.
Link(s):
https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/
https://arcticwolf.com/resources/blog/cve-2025-32433/
Last week, a critical vulnerability, CVE-2025-32433, was identified in the SSH implementation of Erlang/OTP, a framework crucial for building high-availability real-time systems in critical verticals like banking and communications. This flaw allows unauthenticated attackers to gain initial access and execute arbitrary code, leading to full compromise of hosts, data breaches and data manipulation, and denial-of-service attacks. Patches are available in Erlang/OTP versions 27.3.3, 26.2.5.11, and 25.3.2.20 that mitigate CVE-2025-32433; all earlier versions remain vulnerable. The rapid release of proof-of-concept exploits and technical details from the cybersecurity community underscores the ease of exploitation. Cisco has acknowledged in an advisory that several of its products, including ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core, are affected, though ConfD and NSO are not susceptible to remote code execution due to their configurations, but continues to investigate its impact against their products. Other vendors, including Ericsson, National Instruments, and Broadcom, also utilize Erlang/OTP, potentially increasing the scope of impact. Cisco estimated in 2018 that 90% of internet traffic went through Erlang-controlled nodes. As of now, there are no public reports of in-the-wild exploitation.
Security Officer Comments:
The discovery of CVE-2025-32433 poses a severe threat to organizations relying on third-party software products from Ericsson, Cisco, Broadcom, and National Instruments technologies, especially in critical infrastructure sectors. The vulnerability's critical severity, combined with the swift availability of exploit code, creates an opportunity for attackers to exploit unpatched systems. While Cisco has identified affected products and is continuing to work on patches, the widespread use of Erlang/OTP across various vendors and devices necessitates a broad and immediate response. Organizations must prioritize patching vulnerable systems, conduct thorough assessments to identify all instances of Erlang/OTP, and implement compensating controls, such as network segmentation and access restrictions, to mitigate the risk. The fact that Cisco estimates 90% of internet traffic goes through Erlang-controlled nodes should be cause for concern. Continuous monitoring for exploitation attempts and collaboration within the cybersecurity community are essential to effectively address this threat and prevent potentially widespread damage.
Suggested Corrections:
Arctic Wolf recommends that customers upgrade to the latest fixed version. As a temporary workaround for users unable to immediately upgrade to a fixed version, Erlang recommends disabling the SSH server or restricting access using firewall rules. While fixes for Erlang/OTP SSH are now available, the security patch is not automatically applied to software products that use Erlang/OTP SSH. The best method for remediating these vulnerabilities in third-party software products is to apply the official security updates from the vendor of each affected software product. Arctic Wolf recommends monitoring software vendor advisories for security updates and applying the available security updates promptly.
Link(s):
https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/
https://arcticwolf.com/resources/blog/cve-2025-32433/