A serious security vulnerability has been identified within the SSH implementation of the Erlang/Open Telecom Platform (OTP), which could allow an attacker to execute arbitrary code without requiring prior authentication under specific circumstances.
Designated as CVE-2025-32433, this flaw has been assigned a maximum CVSS score of 10.0.
Researchers from Ruhr University Bochum, including Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk, indicated that “an attacker with network access to an Erlang/OTP SSH server can execute arbitrary code without authenticating previously.”
The vulnerability arises due to inadequate handling of SSH protocol messages, allowing an attacker to transmit connection messages before authentication takes place. Successful exploitation may enable arbitrary code execution within the context of the SSH daemon.
This issue poses a heightened risk, especially if the daemon operates with root privileges, granting attackers full control over the affected device, facilitating unauthorized access to sensitive data, and potentially causing denial-of-service (DoS) disruptions.
Organizations utilizing an SSH server based on the Erlang/OTP SSH library are likely impacted by CVE-2025-32433. It is advisable to upgrade to patched versions, including OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. For immediate mitigation, implementing firewall rules to restrict access to vulnerable SSH servers is recommended.
In a communication with The Hacker News, Mayuresh Dani, security research manager at Qualys, described the vulnerability as intensely critical, with risks that include the installation of ransomware and data theft.
“Erlang is commonly found in high-availability systems due to its capabilities for robust, concurrent processing,” he added, highlighting that numerous Cisco and Ericsson devices operate on Erlang.
“Any service employing Erlang/OTP’s SSH library for remote access, including those within operational technology (OT)/IoT ecosystems and edge computing, faces vulnerability. Timely upgrades to the fixed Erlang/OTP or vendor-supported versions are essential for remediation. Organizations requiring additional time for installation should limit SSH port access to verified users only.”
Researchers Aim to Illuminate Potential Consequences
The Operational Technology (OT) security platform Frenos has also underscored the extreme seriousness of CVE-2025-32433, particularly given its widespread application within critical infrastructure sectors.
“This vulnerability arises from the Erlang SSH implementation failing to properly enforce the SSH protocol sequence,” the company explained. “Typically, SSH mandates strict authentication prior to any operational channel, a requirement that this vulnerability bypasses, enabling the transmission of operational commands before authentication is completed.”
“The repercussions could be dire – ranging from unauthorized access to sensitive industrial systems to severe disruptions within critical infrastructure operations.”
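The sequence enforcement described above, as an added Python example (not Erlang/OTP's code or its patch): a per-connection gate that refuses connection-protocol messages, such as channel opens and channel requests, until authentication has succeeded. The class, function and trace names are hypothetical; the message numbers and ranges are those assigned in RFC 4250.

```python
from enum import Enum

# Message-number ranges from RFC 4250, section 4.1.2.
TRANSPORT, USERAUTH, CONNECTION = range(1, 50), range(50, 80), range(80, 128)
KEXINIT, NEWKEYS, SERVICE_REQUEST = 20, 21, 5
USERAUTH_REQUEST, CHANNEL_OPEN, CHANNEL_REQUEST = 50, 90, 98
# KEX: keys not in effect; AUTH: unauthenticated; OPEN: USERAUTH_SUCCESS sent.
Phase = Enum("Phase", "KEX AUTH OPEN")

class MessageGate:
    """Hypothetical per-connection gate, run on every inbound message type."""
    def __init__(self):
        self.phase = Phase.KEX

    def mark_authenticated(self):
        # Called by the auth layer only when it sends USERAUTH_SUCCESS.
        if self.phase is not Phase.AUTH:
            raise RuntimeError("authentication completed out of sequence")
        self.phase = Phase.OPEN

    def check(self, msg_type):
        """Return 'accept', 'ignore' or 'disconnect' for an inbound message."""
        if msg_type in TRANSPORT:
            if msg_type == NEWKEYS and self.phase is Phase.KEX:
                self.phase = Phase.AUTH
            return "accept"
        if msg_type in USERAUTH:
            # RFC 4252: auth requests after success are silently ignored.
            by_phase = {Phase.AUTH: "accept", Phase.OPEN: "ignore"}
            return by_phase.get(self.phase, "disconnect")
        if msg_type in CONNECTION and self.phase is Phase.OPEN:
            return "accept"
        # Connection-protocol message before authentication, or a number
        # outside the three ranges: this sketch fails closed.
        return "disconnect"

# Constructed traces of inbound types; "AUTH_OK" marks server-side auth success.
NORMAL = [KEXINIT, NEWKEYS, SERVICE_REQUEST, USERAUTH_REQUEST, "AUTH_OK",
          CHANNEL_OPEN, CHANNEL_REQUEST]
PRE_AUTH = [KEXINIT, NEWKEYS, SERVICE_REQUEST, CHANNEL_REQUEST]

def verdicts(trace):
    gate, out = MessageGate(), []
    for item in trace:
        if item == "AUTH_OK":
            gate.mark_authenticated()
        else:
            out.append(gate.check(item))
    return out
```

Replaying `PRE_AUTH` ends in `disconnect` on the channel request, while the same message in `NORMAL` is accepted because it arrives after the auth layer has reported success.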
Proof of Concept Emerges
The cybersecurity firm Horizon3.ai reported that it successfully created a proof-of-concept (PoC) exploit for CVE-2025-32433 and said the process was “surprisingly straightforward,” which underlines the urgency for users to apply the necessary patches without delay.
Cisco Confirms Multiple Affected Products
Networking giant Cisco has acknowledged that several of its products, including ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core, are vulnerable to CVE-2025-32433. Patches for ConfD and NSO are anticipated to be released by the following month.
“While these products are identified as vulnerable by accepting unauthenticated channel request messages, due to their specific configurations they are not at risk of remote code execution,” Cisco stated.
In an advisory released earlier this week, cybersecurity firm Arctic Wolf noted that Erlang is integrated into numerous products from the Apache Software Foundation, Broadcom, EMQ Technologies, Ericsson, National Instruments, Riak Technologies, and Very Technology.
There is currently no evidence that this vulnerability has been maliciously exploited, although a proof-of-concept exploit has been documented. “Erlang is extensively utilized in networking hardware that serves as an essential foundation for the internet, with SSH being the method for establishing secure connections within the control plane managing many devices,” remarked security researcher Andres Ramos.
This supply chain risk extends to industrial control systems (ICS) and operational technology (OT) devices, which include routers, switches, and smart sensors.