CVE-2025-32433

CRITICAL
2025-04-16 [email protected]
10.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 28, 2026 - 18:37 vuln.today
Patch Released
Mar 28, 2026 - 18:37 nvd
Patch available
Added to CISA KEV
Nov 04, 2025 - 14:49 cisa
CISA KEV
PoC Detected
Nov 04, 2025 - 14:49 vuln.today
Public exploit code
CVE Published
Apr 16, 2025 - 22:15 nvd
CRITICAL 10.0

Tags

RCE Authentication Bypass Erlang Otp Confd Basic Network Services Orchestrator Cloud Native Broadband Network Gateway Inode Manager Smart Phy Ultra Packet Core Ultra Services Platform Staros Optical Site Manager Ncs 2000 Shelf Virtualization Orchestrator Firmware Enterprise Nfv Infrastructure Software Ultra Cloud Core Rv160W Firmware Rv260 Firmware Rv160 Firmware Rv260P Firmware Rv260W Firmware Rv340 Firmware Rv340W Firmware Rv345 Firmware Rv345P Firmware Debian Linux Suse

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Analysis

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling, enabling unauthorized system access with CVSS 10.0.

Technical Context

The CWE-306 flaw in SSH protocol message handling allows an attacker to send SSH messages before authentication completes. The SSH server processes these pre-auth messages in a way that enables arbitrary Erlang code execution, which translates to OS command execution.

Affected Products

['Erlang/OTP before OTP-27.3.3', 'Erlang/OTP before OTP-26.2.5.11', 'Erlang/OTP before OTP-25.3.2.20']

Remediation

Update Erlang/OTP immediately. Identify all services using Erlang SSH (RabbitMQ, CouchDB, ejabberd, etc.). Restrict SSH port access. Monitor for exploitation attempts.

Priority Score

170
Low Medium High Critical
KEV: +50
EPSS: +50.3
CVSS: +50
POC: +20

Vendor Status

Share

CVE-2025-32433 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy