An anonymous security researcher has published proof-of-concept code for CVE-2025-32433, a critical vulnerability in the Erlang/OTP SSH application. The flaw enables unauthenticated remote code execution on systems running vulnerable versions of Erlang/OTP's SSH server, a major concern for environments relying on Erlang for high-availability and telecom-grade infrastructure.
Erlang/OTP (Open Telecom Platform) is a widely adopted stack of libraries, tools, and design principles built atop the Erlang programming language. Renowned for its fault-tolerant, distributed, and concurrent systems, Erlang/OTP is a backbone of telecommunications, messaging systems, and high-availability services.
The SSH application within Erlang/OTP allows secure remote access, but it is this very component that now poses a significant risk.
Discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of Ruhr University Bochum, the vulnerability was assigned a CVSS score of 10.0, signaling maximum severity. According to a disclosure posted on the OpenWall mailing list:

"The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication."
In other words, the SSH daemon in Erlang/OTP fails to correctly process pre-authentication messages, opening the door for remote attackers to send crafted payloads and execute arbitrary commands as root, the same privileges under which the daemon typically runs.
The situation escalated after Horizon3's Attack Team publicly confirmed they had reproduced the flaw and developed a working proof-of-concept (PoC):

"Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn't be shocked if public PoCs start dropping soon. If you're tracking this, now's the time to take action," the team posted on X.
Shortly after, PoC code began circulating on Pastebin, raising the urgency of patching exposed systems. In addition, security researcher Matt Keeley from ProDefense released a Python script for exploiting this flaw.
Any system running an SSH server that relies on the Erlang/OTP SSH library is potentially vulnerable to CVE-2025-32433. This could encompass a wide array of devices and servers across various industries.
Fortunately, the Erlang/OTP team has acted swiftly to address this critical flaw. Patched versions are now available, and immediate updating is the paramount recommendation. Users should upgrade their Erlang/OTP installations to the following versions or later:
- OTP-27.3.3
- OTP-26.2.5.11
- OTP-25.3.2.20

For organizations that face immediate challenges in applying updates, temporary workarounds can provide a crucial layer of defense:
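As an added example (not from the article or from the Erlang/OTP project), the following Python checks reported OTP release strings against the patched versions listed above, so an inventory of hosts can be triaged quickly; how it treats branches newer than 27 or older than 25 is an assumption, and the host inventory is constructed sample data.

```python
"""Triage Erlang/OTP release strings against the CVE-2025-32433 fixed versions."""
import re
from typing import Dict, List, Tuple

# Minimum patched release per maintained major branch, as listed in the advisory.
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn 'OTP-26.2.5.11' or '26.2.5' into a comparable tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(text: str) -> bool:
    """True if the release is at or above the fixed version for its branch.

    A major-only string such as '27' (what erlang:system_info(otp_release)
    reports) parses to (27,), which sorts below (27, 3, 3) and is therefore
    flagged as unpatched; read the full OTP_VERSION file for a precise answer.
    """
    ver = parse_otp_version(text)
    major = ver[0]
    if major > max(FIXED_VERSIONS):
        return True  # assumption: branches newer than 27 were cut after the fix
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        return False  # no patched release listed for this branch: treat as vulnerable
    # Tuple comparison: a shorter prefix such as (26, 2, 5) sorts below (26, 2, 5, 11).
    return ver >= fixed


def vulnerable_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose reported OTP release is still unpatched."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory: hostname -> reported OTP release string.
SAMPLE_INVENTORY = {
    "pbx-01": "OTP-26.2.5.11",
    "pbx-02": "OTP-26.2.5",
    "msg-gw": "27.3.2",
    "legacy-hlr": "OTP-24.3.4",
}
```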
- Implement Firewall Rules: Restrict access to vulnerable SSH servers by implementing strict firewall rules, limiting connections only to trusted IP addresses or networks.
- Disable SSH if Unnecessary: If remote access via SSH is not currently required, the most secure course of action is to temporarily disable the SSH daemon altogether.