Critical Remote Code Execution Vulnerability in Erlang/OTP SSH: PoC Exploit Released

A critical security vulnerability has been identified in the Erlang/Open Telecom Platform (OTP) SSH implementation, designated as CVE-2025-32433. This flaw has been assigned the highest possible Common Vulnerability Scoring System (CVSS) score of 10.0, indicating its severity. The vulnerability allows attackers to execute arbitrary code without authentication, potentially leading to complete system compromise.

Vulnerability Details

The issue resides in the SSH protocol’s message handling mechanism within Erlang/OTP. Specifically, the flaw permits attackers to send connection protocol messages before the authentication process is completed, so that requests which should only be honoured for an authenticated session are processed for an unauthenticated one. This vulnerability affects all versions of Erlang/OTP that include an SSH server component, on every supported release line.
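To make the ordering flaw concrete, here is an added, constructed Python model of a server-side SSH message dispatcher; it is not code from Erlang/OTP or from the article. The message numbers follow RFC 4250 (user authentication messages in the 50 to 79 range, connection protocol messages in 80 to 127), the password check and the `Session` class are assumptions for the illustration, and `dispatch_unchecked` shows the vulnerable shape (every message reaches its handler regardless of session state) beside `dispatch_gated`, which refuses any connection-protocol message until authentication has completed.

```python
"""Constructed model of pre-authentication message gating in an SSH server.

Not Erlang/OTP code: the point is to show why the order of messages matters.
"""
import hmac
from enum import Enum

# Message numbers from RFC 4250 section 4.1.2 (not taken from the article).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_GLOBAL_REQUEST = 80
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
CONNECTION_PROTOCOL = range(80, 128)  # all connection-protocol message numbers

# Constructed credential for this example only.
EXPECTED_PASSWORD = "correct horse"


class Decision(Enum):
    HANDLED = "handled"        # message routed to its handler
    REJECTED = "rejected"      # message refused because the session is unauthenticated
    AUTH_FAILED = "auth-failed"


class Session:
    """Assumed per-connection state: only whether user authentication has succeeded."""

    def __init__(self) -> None:
        self.authenticated = False


def _handle_userauth(session: Session, password: str) -> Decision:
    # Constant-time comparison; on success the session becomes authenticated.
    if hmac.compare_digest(password, EXPECTED_PASSWORD):
        session.authenticated = True
        return Decision.HANDLED
    return Decision.AUTH_FAILED


def dispatch_unchecked(session: Session, msg_type: int, payload=None) -> Decision:
    """Vulnerable shape: handlers run for every message, whatever the session state."""
    if msg_type == SSH_MSG_USERAUTH_REQUEST:
        return _handle_userauth(session, payload)
    # Connection-protocol handlers (channel open, channel request, ...) run pre-auth.
    return Decision.HANDLED


def dispatch_gated(session: Session, msg_type: int, payload=None) -> Decision:
    """Hardened shape: connection-protocol messages require a completed authentication."""
    if msg_type in CONNECTION_PROTOCOL and not session.authenticated:
        # A real server would treat this as a protocol error and disconnect.
        return Decision.REJECTED
    return dispatch_unchecked(session, msg_type, payload)


def replay(dispatch, messages) -> list:
    """Feed a constructed message sequence through a dispatcher on a fresh session."""
    session = Session()
    return [dispatch(session, msg_type, payload).value for msg_type, payload in messages]


if __name__ == "__main__":
    # Constructed sequence: connection-protocol messages before any authentication.
    pre_auth = [(SSH_MSG_CHANNEL_OPEN, None), (SSH_MSG_CHANNEL_REQUEST, None)]
    print("unchecked:", replay(dispatch_unchecked, pre_auth))
    print("gated:    ", replay(dispatch_gated, pre_auth))
```

The gated dispatcher is the check the patch has to enforce: the session state, not the message type alone, decides whether a handler may run. A server that only validates message framing and then dispatches by type will accept the second sequence in `__main__` exactly as the first.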

Proof-of-Concept Exploit

Security researchers from Horizon3’s Attack Team have successfully reproduced the vulnerability and developed a proof-of-concept (PoC) exploit. They described the exploitation process as surprisingly easy, raising concerns about the potential for widespread attacks. The team shared their findings on social media, emphasizing the urgency for organizations to address this issue promptly.

Potential Impact

Erlang is widely deployed in critical infrastructure, including telecommunications equipment from major vendors, as well as in Internet of Things (IoT) and operational technology (OT) environments. The ease of exploitation and the widespread use of Erlang/OTP make this vulnerability particularly dangerous. Successful exploitation could allow threat actors to install ransomware, steal sensitive data, or perform other malicious activities. Commands executed through this vulnerability would run with the same privileges as the SSH daemon, which often operates with root privileges, leading to complete system takeover.

Mitigation Steps

The Erlang/OTP team has released patches to address this vulnerability. Organizations are strongly advised to upgrade to the following patched versions:

– OTP-27.3.3 (for systems running OTP-27.x)
– OTP-26.2.5.11 (for systems running OTP-26.x)
– OTP-25.3.2.20 (for systems running OTP-25.x)

For systems that cannot be immediately updated, the following workarounds are recommended:

– Restrict access to SSH ports using firewall rules.
– Disable the Erlang/OTP SSH server if it is not essential.
– Limit SSH access to trusted IP addresses only.

Given the severity of this vulnerability and the availability of working exploits, immediate action is essential. Organizations should identify all systems running Erlang/OTP SSH services and prioritize patching to mitigate potential risks.
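As an added helper for the inventory step, not code from the Erlang/OTP project or the article, the following Python compares an installed OTP version string against the three fixed releases listed above. It assumes version strings of the form `OTP-27.3.2` or `27.3.2` (the format of the `OTP_VERSION` file shipped under an installation's `releases/<major>/` directory), treats any major line other than 25, 26 and 27 as unknown rather than guessing, and the `triage` function takes a constructed host-to-version mapping such as one exported from a configuration management database.

```python
"""Compare Erlang/OTP version strings with the CVE-2025-32433 fixed releases.

Added example; the fixed versions are the three the article lists.
"""
import re
import sys
from typing import Optional

# Earliest patched release per OTP major line, from the article.
PATCHED = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Accepts "OTP-27.3.2", "OTP_27.3.2", "OTP 27.3.2" or a bare "27.3.2".
_VERSION_RE = re.compile(r"^(?:OTP[-_ ])?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> tuple:
    """Turn a version string into a tuple of integers for ordered comparison."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised OTP version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(text: str) -> Optional[bool]:
    """True if at or above the fixed release for its major line, False if below,
    None if the major line is not one of the three the article covers."""
    version = parse_version(text)
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return None
    # Tuple comparison orders component-wise; a shorter prefix sorts lower,
    # so (26, 2, 5) is correctly reported as below (26, 2, 5, 11).
    return version >= fixed


def triage(inventory: dict) -> dict:
    """Sort a {host: version_string} mapping into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in inventory.items():
        status = is_patched(version)
        bucket = "unknown" if status is None else ("patched" if status else "vulnerable")
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Usage: python otp_check.py OTP-27.3.2   (or pipe in the OTP_VERSION file contents)
    text = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()
    status = is_patched(text)
    label = {True: "patched", False: "VULNERABLE", None: "unknown major line"}[status]
    print(f"{text.strip()}: {label}")
```

Hosts that come back as unknown still need a manual check, since the script only knows the release lines the advisory names; a host that is merely below the first fixed release in its line is reported as vulnerable even if the SSH application is not started, so pair the result with whether the SSH server is actually enabled.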