Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH.
April 17, 2025 By Eduard Kovacs

Many devices could be exposed to complete takeover due to a critical vulnerability discovered recently in the Erlang/OTP SSH library.
Erlang/OTP is a collection of libraries, middleware and other tools designed for creating scalable soft real-time systems that require high availability, such as e-commerce, banking, and communications applications.
A team of researchers from Ruhr University Bochum in Germany discovered that Erlang/OTP’s SSH implementation is affected by a critical vulnerability for which they calculated a CVSS score of 10.
Tracked as CVE-2025-32433, the flaw is related to the SSH protocol message handling, which “allows an attacker to send connection protocol messages prior to authentication”.
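As an added illustration (not code from the article, the researchers, or Erlang/OTP), the following Python model shows the state check that a flaw of the kind described above bypasses: connection-protocol messages, which RFC 4251 numbers 80 to 127 (for example SSH_MSG_CHANNEL_OPEN = 90), must be refused until SSH_MSG_USERAUTH_SUCCESS has been issued. The message numbers come from the SSH RFCs; the session class, its return strings and the event log are assumptions for illustration.

```python
# Constructed model of the pre-authentication gate an SSH server must enforce.
# Message numbers come from RFC 4251 section 7 (transport 1-49, userauth 50-79,
# connection 80-127); the session class, return values and event log are
# illustrative assumptions, not Erlang/OTP's implementation.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
CONNECTION_PROTOCOL_MSGS = range(80, 128)  # SSH connection protocol numbering


class SshServerSession:
    """Toy server-side session: tracks whether user authentication completed."""

    def __init__(self, gate_connection_msgs: bool = True):
        # gate_connection_msgs=False reproduces the class of bug the article
        # describes: connection-protocol messages are acted on before auth.
        self.gate_connection_msgs = gate_connection_msgs
        self.authenticated = False
        self.events = []

    def handle(self, msg_type: int, creds_ok: bool = False) -> str:
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if creds_ok:
                self.authenticated = True
                self.events.append(("auth", SSH_MSG_USERAUTH_SUCCESS))
                return "auth_success"
            self.events.append(("auth", SSH_MSG_USERAUTH_FAILURE))
            return "auth_failure"
        if msg_type in CONNECTION_PROTOCOL_MSGS:
            if self.gate_connection_msgs and not self.authenticated:
                # Hardened path: refuse the message and record it for alerting.
                self.events.append(("rejected_preauth", msg_type))
                return "rejected"
            self.events.append(("channel", msg_type))
            return "handled"
        self.events.append(("unknown", msg_type))
        return "unimplemented"


def preauth_channel_attempts(session: SshServerSession) -> int:
    """Count connection-protocol messages refused before authentication; a
    non-zero count on a patched server is a signal worth alerting on."""
    return sum(1 for kind, _ in session.events if kind == "rejected_preauth")
```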