AI description
CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.
- Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com
- CWE-306
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
66
🚨 New Critical RCE in Erlang/OTP SSH (CVSS 10) - CVE-2025-32433 - Exploitable without authentication needed - Exists in Erlang's built-in SSH server - Commonly found in IoT and Telecom gear - Exploit model now in Metasploit and on GitHub
@SoteriaSec_io
19 Apr 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-32433: Critical flaw in Erlang/OTP SSH allows RCE without authentication. Horizon3 confirms it is “surprisingly easy” to exploit. Update to 25 .3.2.10 or 26.2.4 now. #SISAPNews #CVE202532433 #Ciberseguridad https://t.co/1NYggypsL1
@SISAP_LATAM
18 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Organizations are on high alert following the discovery of a critical remote code execution vulnerability in Erlang/OTP's SSH implementation, tracked as CVE-2025-32433. With a CVSS score of 10.0, the flaw allows unauthenticated access for remote code execution, posing severe r...
@CybrPulse
18 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical remote code execution vulnerability in Erlang/OTP’s SSH implementation has been publicly disclosed, raising urgent concerns among security teams. With a maximum CVSS score of 10.0, the flaw, CVE-2025-32433, allows unauthenticated attackers to gain complete control o...
@CybrPulse
18 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2025-32433) in the Erlang/OTP SSH implementation allows unauthenticated remote code execution, posing severe threats including full system compromise. Users running vulnerable versions are at significant risk, with a CVSS score of 10.0 highlightin...
@CybrPulse
18 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-32433 - Critical RCE in Erlang/OTP SSH (CVSS 10) - Exploitable before authentication - Found in Erlang’s built-in SSH server - Used in backend services, IoT, telecom gear - You’re probably running this and don’t even know 🔍 YARA rule to hunt for vulnerable https://
@nextronresearch
18 Apr 2025
1335 Impressions
5 Retweets
16 Likes
4 Bookmarks
0 Replies
1 Quote
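https://t.co/PirAaioEHa The Erlang/OTP SSH server has a vulnerability, CVE-2025-32433, that allows remote code execution (RCE) without authentication. By exploiting a flaw in SSH protocol message handling, an attacker can gain unauthorized access and execute arbitrary commands.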
@topickapp_com
18 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVSS 10.0 RCE in Erlang/OTP SSH CVE-2025-32433 allows unauthenticated RCE via SSH—easy to exploit & affects all versions. Patch now or restrict access! https://t.co/RrbaxosTwK #infosec #Erlang #RCE
@dCypherIO
18 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-32433: CVSS 10.0. Unauth RCE via SSH handshake—no creds needed. Not all workloads are truly exploitable. Sweet’s runtime-first CNAPP shows what’s vulnerable and exposed. 🎯 Prioritize what matters. https://t.co/kAtT6uqfLU https://t.co/GeRvfqvUrl
@Sweet_cloud_sec
18 Apr 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVD - CVE-2025-32433 https://t.co/IitbgZaTpK
@Mas73r
18 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - ProDefense/CVE-2025-32433 - https://t.co/DTM1ltOL7Y
@piedpiper1616
18 Apr 2025
523 Impressions
0 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
#Infosec #exploit CVE-2025-32433 https://t.co/Q89S2rdnm6
@Handshaking_py
18 Apr 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**Critical vulnerability CVE-2025-32433 in Erlang/OTP SSH enables RCE, risking systems across industries. Immediate patching and audits are essential!** Learn more: https://t.co/apPsatryZJ #Cybersecurity https://t.co/2gaAU42Qii
@nexsecura
18 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An anonymous security researcher has published proof-of-concept (PoC) code for the serious vulnerability "CVE-2025-32433" in the Erlang/OTP SSH application. https://t.co/lCFrmbVvK7
@yousukezan
18 Apr 2025
1483 Impressions
3 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
A critical SSH vulnerability, "CVE-2025-32433", has been found in Erlang/OTP. Code could be executed remotely, so distributed systems need to be dealt with urgently. https://t.co/GvoZfdXpIP
@techandeco4242
18 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
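I looked into Erlang/OTP SSH CVE-2025-32433, which is said to be extremely easy to exploit: a huge number of Erlang-related servers can be found, but publicly exposed Erlang/OTP SSH servers themselves came to only about 310 IPs globally. https://t.co/1j8yz6YofP https://t.co/gOQijUVMvI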
@nekono_naha
18 Apr 2025
1722 Impressions
2 Retweets
11 Likes
4 Bookmarks
1 Reply
0 Quotes
A critical flaw, CVE-2025-32433, in the Erlang/OTP SSH library, rated CVSS 10, could let remote attackers deploy ransomware or steal data. @Qualys' Mayuresh Dani explains the risk. Learn more: https://t.co/njDqcTyCcY via @SecurityWeek https://t.co/TrRlyB2vsN
@qualys
18 Apr 2025
452 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security vulnerability in the SSH protocol of Erlang/Open Telecom Platform (OTP) CVE-2025-32433 https://t.co/GYIa0vvfHd https://t.co/fONPjnqIxX
@elhackernet
17 Apr 2025
3801 Impressions
17 Retweets
53 Likes
2 Bookmarks
1 Reply
1 Quote
A critical RCE vulnerability (CVE-2025-32433) in Erlang/OTP SSH daemon allows unauthenticated access. Rated 10.0 in severity, immediate patching is essential. 🛡️ #Erlang #RuhrUniversity #Germany link: https://t.co/JAjSxUowcb https://t.co/HCdNvqZ8ub
@TweetThreatNews
17 Apr 2025
24 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
📌 A critical vulnerability has been disclosed in Erlang/OTP's SSH, numbered CVE-2025-32433, that allows unauthenticated remote code execution on exposed devices. Updating systems immediately is recommended to close this vulnerability. https://t.co/MbGHS4oqTU
@Cybercachear
17 Apr 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32433 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). https://t.co/qYcX89Jsbo
@ytroncal
17 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Erlang/OTP's SSH implementation, tracked as CVE-2025-32433, exposes systems to unauthenticated remote code execution, posing a severe risk of system compromise. With a CVSS score of 10.0, the flaw enables attackers to execute arbitrary code on many ...
@CybrPulse
17 Apr 2025
176 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
A critical CVE-2025-32433 vulnerability in Erlang/OTP SSH could allow attackers to execute code without authentication, with a staggering CVSS score of 10.0. This flaw affects systems using the SSH library, which is widely deployed in high-availability environments, raising al...
@CybrPulse
17 Apr 2025
183 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH https://t.co/hBqJMfFHMN
@Horizon3Attack
17 Apr 2025
39033 Impressions
112 Retweets
341 Likes
168 Bookmarks
12 Replies
4 Quotes
🚨CVE-2025-32433: Critical flaw in Erlang/OTP SSH allows unauthenticated remote code execution (CVSS 10). Patch to OTP-27.3.3, 26.2.5.11, or 25.3.2.20, or use firewall rules to block access. Impacts telecom/IoT systems. #Cybersecurity #RCE https://t.co/5UiDbn4eMS
@torrents
17 Apr 2025
107 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Root RCE in Erlang/OTP SSH — CVE-2025-32433 CVSS 10.0 🔥 Unauth’d remote code exec flaw lets attackers hijack systems using Erlang/OTP’s SSH. 💀 Full system compromise 🧠 Found in high-availability apps (e.g. Cisco, Ericsson) 🌐 IoT, OT, edge devices at major risk https://t.co
@CareWeDoNot
17 Apr 2025
223 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVSS 10.0 Alert CVE-2025-32433 This flaw allows a remote, unauthenticated attacker with network access to an Erlang/OTP SSH server to execute arbitrary code. The implications of successful exploitation are dire. Attackers can achieve arbitrary code execution within the context
@cytexsmb
17 Apr 2025
142 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
1 Quote
🛡️ Do you have Cisco or Ericsson equipment? A flaw can leave it in the hands of cybercriminals It was discovered in the Erlang/OTP SSH library. It is used in many OT, IoT and telecommunications systems, even if you don't know it. 📎 The flaw (CVE-2025-32433) allows executing code
@CycuraMX
17 Apr 2025
1552 Impressions
19 Retweets
35 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨 CVSS 10.0 ALERT: Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433) No auth. Full control. Widespread impact. Used in Cisco, Ericsson, OT/IoT, and edge systems, this bug lets attackers run code without logging in. 🔗 Full details → https://t.co/BNJcHkK7pu
@n4itr0_07
17 Apr 2025
487 Impressions
1 Retweet
15 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-32433 ⚠️🔴 CRITICAL (10) 🏢 erlang - otp 🏗️ >= OTP-27.0-rc1, < OTP-27.3.3 🔗 https://t.co/feTAAbX0ki 🔗 https://t.co/UNhsMH2kA2 🔗 https://t.co/o5jNJTMoqK 🔗 https://t.co/kaAAHibsXy #CyberCron #VulnAlert #InfoSec
@cybercronai
17 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32433
@transilienceai
17 Apr 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. Erlang OTP SSH CVE-2025-32433 https://t.co/0ErqwmJPfN https://t.co/8cePtcgYsM
@persistsec
17 Apr 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Critical RCE in Erlang/OTP SSH – CVE-2025-32433 | Detection + Hunt Guide] Need assistance? response@securityjoes.com A CVSS 10.0 unauthenticated RCE was just disclosed in Erlang/OTP’s SSH implementation. https://t.co/EWc911qUX5
@SecurityJoes
17 Apr 2025
219 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 A critical security vulnerability has been disclosed in the Erlang/OTP SSH implementation that allows arbitrary code execution without authentication under certain conditions. The vulnerability, known as CVE-2025-32433, received the maximum CVSS score of 10.0, indicating high severity that requires immediate action. #الامن_السيبراني https://t.co/reyauwkHqx
@Cybercachear
17 Apr 2025
85 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVSS 10.0 ALERT: Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433) No auth. Full control. Widespread impact. Used in Cisco, Ericsson, OT/IoT, and edge systems, this bug lets attackers run code without logging in. If SSH runs as root? Game over. 👀 🔗 Full details →
@TheHackersNews
17 Apr 2025
37056 Impressions
130 Retweets
312 Likes
124 Bookmarks
3 Replies
9 Quotes
🚨Alert🚨 CVE-2025-32433 (CVSS 10): Critical SSH Flaw Allows Unauthenticated RCE in Erlang/OTP. It affects versions prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 📊490K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link: https://t.co/NhdSN1rRIh 👇Query
@HunterMapping
17 Apr 2025
6598 Impressions
22 Retweets
90 Likes
42 Bookmarks
2 Replies
1 Quote
[CVE-2025-32433: CRITICAL] Vulnerability in Erlang/OTP's SSH server versions before OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20 allows unauthenticated RCE. Secure systems with updated patches or firewalls. #cve, CVE-2025-32433, #cybersecurity https://t.co/dLVfMAPW0B https://t.co/9JwYdp
@CveFindCom
16 Apr 2025
104 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH https://t.co/78AAH6g0SP Allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. Estimated CVSSv3 of 10.0.
@oss_security
16 Apr 2025
3367 Impressions
8 Retweets
26 Likes
10 Bookmarks
0 Replies
1 Quote