CVE Tools
Sign in
Home/Vulnerability/CVE-2025-32433

CVE-2025-32433

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Published: Apr 16, 2025Updated: Nov 4, 2025 Sources: CVE List NVD BDU csaf
NVD MITRE
10.0CVSS
CRITICAL

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

EPSS Score
62.6%
Top 1.6%
CISA KEV
Active Exploitation
Since Jun 9, 2025
Exploits
1 Known
Remediation
Patch Available

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:CC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

CWE-306

Affected Products

erlang\/otp
erlang
OSS Libraries / generic-library
confd basic
cisco
Networking Infrastructure / router-switch
network services orchestrator
cisco
Networking Infrastructure / router-switch
cloud native broadband network gateway
cisco
Networking Infrastructure / router-switch
inode manager
cisco
Networking Infrastructure / router-switch
erlangoss-projectOSS Librariesaka erlang/otp, otp, erlang/ssh
ciscocommercialUSNetworking Infrastructureaka cisco systems, cisco systems inc.
and 28 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Jun 9, 2025
Remediation due:Jun 30, 2025

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

Nuclei Scanner Templates

1 Nuclei template available for automated vulnerability detection.

Templates:1
  • Ready-to-use scanner templates
  • Verified detection rules
  • Direct integration with Nuclei
View Templates — Free

MITRE ATT&CK

2 techniques
Initial Access
View detailed technique mapping

References

https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
github.com
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
github.com
https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
github.com
and 139 more references View all →

Timeline

Published
Apr 16, 2025
Added to CISA KEV
Jun 9, 2025
Last Updated
Nov 4, 2025
News mentions
3

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-32433 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows