CVE-2025-32433

Full RCE Vulnerability in Erlang/OTP

A security vulnerability exists in Erlang/OTP prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, where a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.

This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

Mitigations

  • Update to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20.
  • Disable the SSH server if not required.
  • Use firewall rules to restrict access to the SSH server.

Rapid Response N-Day Testing

Run the Test Now

🔗 NIST Detail

Read about other CVEs

CVE-2024-23108

Fortinet FortiSIEM 2nd Order Command Injection

Read More

CVE-2023-43208

NextGen Mirth Connect Pre-Auth RCE

Read More

CVE-2023-34992

Fortinet FortiSIEM Command Injection

Read More

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Explore NodeZero

Recognized By