Researchers warn of critical flaw found in Erlang OTP SSH

Researchers warn of critical flaw found in Erlang OTP SSH

The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

CVE-2025-32433 RCE Vulnerability in Erlang/OTP

A security vulnerability exists in Erlang/OTP prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, where a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. Source

CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation

Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you. Key Takeaways A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433,  and has a CVSS score of 10 (critical).  This critical remote code e…