
April 28, 2025

Max-severity vulnerability discovered in Erlang SSH Daemon


A critical vulnerability, designated CVE-2025-32433, has been identified in the Secure Shell (SSH) daemon of Erlang/OTP, which could potentially allow unauthenticated threat actors to remotely execute code on affected systems.

The flaw is a result of improper handling of pre-authentication protocol messages within the SSH daemon, the program that listens for incoming SSH connections. CVE-2025-32433 has been assigned the highest severity rating, with a CVSS score of 10.0.

Erlang/OTP is the set of libraries, design principles, and tools that ships with the Erlang programming language. Its ssh application implements both an SSH client and an SSH server, and it is this built-in daemon that products based on Erlang/OTP use to offer secure remote access.

Thus, exploiting this vulnerability allows threat actors to execute commands with the same privileges as the SSH daemon, which often runs with root access, potentially leading to full system compromise.


Security researchers have demonstrated that exploiting this vulnerability is relatively straightforward, and proof-of-concept exploits were made publicly available shortly after the disclosure.

Given the ease of exploitation and the widespread use of Erlang/OTP in critical infrastructure, impacted organizations are being urged to upgrade to the fixed versions listed in the upstream advisory, OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, as soon as possible. As a temporary workaround, access to vulnerable SSH servers can be blocked with suitable firewall rules until the upgrade is done.

Source: Bleeping Computer

Analysis

The exploitation of CVE-2025-32433 could represent a significant threat because of its combination of severity, ease of exploitation, and the widespread use of Erlang/OTP in critical systems.

Additionally, network defenders may not even realize that applications in their environment rely on the affected Erlang/OTP SSH daemon, leaving more attack surface exposed than they expect. Erlang/OTP is embedded in products from vendors such as Cisco, Broadcom, EMQ, Very Technology, Apache, and Riak.

With the maximum CVSS score of 10.0 and proof-of-concept exploits already available, this is a high-priority threat, especially for environments that rely on Erlang for highly available, scalable systems such as telecom infrastructure, messaging platforms, and distributed databases. A threat actor who achieves remote code execution could deploy malware or ransomware, or cause a denial-of-service condition.

While direct exploitation of Erlang-specific flaws has been rare historically, the ecosystem it's part of has been in the crosshairs, especially by financially motivated cybercriminals and occasionally state-aligned actors seeking access to high-availability messaging or infrastructure systems.

However, Erlang itself has not been a frequent target of high-profile exploitation, largely because it's a niche technology compared to more mainstream languages and platforms. That said, it has been included in the tech stack of several major applications, including WhatsApp, RabbitMQ, and CouchDB—systems which have been targeted before, even if not directly via Erlang vulnerabilities.

For example, attackers have previously targeted vulnerabilities in the HTTP API of CouchDB (which is written in Erlang) to achieve remote code execution or gain unauthorized access, often to deploy cryptominers or backdoors.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software like the Erlang/OTP SSH daemon. Field Effect MDR users are automatically notified if a vulnerability is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends that impacted users upgrade to the patched versions as soon as possible, in accordance with the advisory. If patching isn’t possible, impacted users should implement firewall rules that restrict access to the SSH daemon from untrusted sources.

Several other products that use Erlang/OTP may be affected by CVE-2025-32433 and are still under investigation. Organizations should monitor for potential exposure and update impacted applications as soon as updates are available.
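Finding the Erlang SSH daemons in an environment is the first step, since the banner they present differs from OpenSSH and similar servers. The following Python inventory helper is an added example, not code from this article or from the Erlang/OTP project. It classifies SSH identification banners, comparing them against the "Erlang/<ssh application version>" string that the Erlang ssh application sends by default, and checks an OTP version string against the fixed releases named in the upstream advisory. The sample banners are constructed for the example; the two rules for release lines outside 25 to 27 (older lines treated as unfixed, newer lines treated as fixed) are assumptions of the example, not statements from the advisory.

```python
import re
import socket

# Fixed releases listed in the upstream Erlang/OTP advisory for CVE-2025-32433.
# Anything older on the same release line is treated as vulnerable.
FIXED_VERSIONS = {
    25: (25, 3, 2, 20),
    26: (26, 2, 5, 11),
    27: (27, 3, 3),
}

# Constructed sample banners standing in for the output of a real scan.
SAMPLE_BANNERS = {
    "10.0.0.5:22": "SSH-2.0-OpenSSH_9.6\r\n",
    "10.0.0.7:2222": "SSH-2.0-Erlang/5.2.9\r\n",
    "10.0.0.9:22": "SSH-2.0-Erlang\r\n",  # operator trimmed the default id_string
    "10.0.0.11:22": "SSH-2.0-dropbear_2022.83\r\n",
}

# The Erlang ssh application identifies itself as "Erlang/<ssh app version>"
# unless the operator overrides the id_string option, so a missing match is
# not proof that the host is free of Erlang/OTP.
ERLANG_BANNER_RE = re.compile(r"^SSH-2\.0-Erlang(?:/(\S+))?$")


def parse_version(version: str) -> tuple:
    """Turn an OTP version string such as '26.2.5.11' into a comparable tuple."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_otp(version: str) -> bool:
    """Return True when the OTP release predates the fix on its release line.

    Assumption (not from the advisory): release lines older than 25 received
    no fix and are treated as vulnerable; lines newer than 27 were cut after
    the fix and are treated as fixed.
    """
    parsed = parse_version(version)
    major = parsed[0]
    if major < min(FIXED_VERSIONS):
        return True
    if major > max(FIXED_VERSIONS):
        return False
    return parsed < FIXED_VERSIONS[major]


def is_erlang_ssh_banner(banner: str):
    """Return (True, ssh_app_version_or_None) for an Erlang banner, else (False, None)."""
    match = ERLANG_BANNER_RE.match(banner.strip())
    if not match:
        return (False, None)
    return (True, match.group(1))


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Read the server's SSH identification line from a host you are authorized
    to scan; no key exchange or authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256).decode("ascii", errors="replace")


def triage(banners: dict) -> list:
    """List endpoints whose banner points at the Erlang ssh daemon, for follow-up:
    confirm the OTP version on the box, then patch it or firewall it."""
    return [endpoint for endpoint, banner in banners.items()
            if is_erlang_ssh_banner(banner)[0]]


if __name__ == "__main__":
    for endpoint in triage(SAMPLE_BANNERS):
        print("review:", endpoint, SAMPLE_BANNERS[endpoint].strip())
    for v in ("25.3.2.10", "25.3.2.20", "26.2.4", "26.2.5.11", "27.3.2", "27.3.3"):
        print(v, "vulnerable" if is_vulnerable_otp(v) else "fixed")
```

The ssh application version in the banner does not map directly to an OTP release, so the banner is only a lead; the authoritative check is the OTP version on the host itself (the full version string is in the OTP_VERSION file under the installation's releases directory), which is what `is_vulnerable_otp` expects. Because operators can set any `id_string`, treat the banner scan as a way to find known instances, not as proof that unmatched hosts are clean.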
