CVE-2025-32433
Published 2025-04-16
Severity: critical (CVSS 3.1 base score 10.0)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Tags: KEV, EXPLOIT
CISA Known Exploited Vulnerability, due 2025-06-30
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules.
Affected
36 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cloud_native_broadband_network_gateway | < 2025.03.1 | 2025.03.1 |
| cisco | confd_basic | < 7.7.19.1 | 7.7.19.1 |
| cisco | confd_basic | >= 8.0.18 < 8.1.16.2 | 8.1.16.2 |
| cisco | confd_basic | >= 8.2 < 8.2.11.1 | 8.2.11.1 |
| cisco | confd_basic | >= 8.3 < 8.3.8.1 | 8.3.8.1 |
| cisco | confd_basic | >= 8.4 < 8.4.4.1 | 8.4.4.1 |
| cisco | enterprise_nfv_infrastructure_software | < 4.18 | 4.18 |
| cisco | ncs_2000_shelf_virtualization_orchestrator_firmware | < 25.1.1 | 25.1.1 |
| cisco | network_services_orchestrator | < 5.7.19.1 | 5.7.19.1 |
| cisco | network_services_orchestrator | >= 5.8 < 6.1.16.2 | 6.1.16.2 |
| cisco | network_services_orchestrator | >= 6.2 < 6.2.11.1 | 6.2.11.1 |
| cisco | network_services_orchestrator | >= 6.3 < 6.3.8.1 | 6.3.8.1 |
| cisco | network_services_orchestrator | >= 6.4 < 6.4.1.1 | 6.4.1.1 |
| cisco | network_services_orchestrator | >= 6.4.2 < 6.4.4.1 | 6.4.4.1 |
| cisco | optical_site_manager | < 25.2.1 | 25.2.1 |
| cisco | products_unauthenticated | — | — |
| cisco | smart_phy | < 25.2 | 25.2 |
| cisco | staros | < 2025.03 | 2025.03 |
| cisco | ultra_cloud_core | < 2025.03.1 | 2025.03.1 |
| cisco | ultra_packet_core | < 2025.03 | 2025.03 |
| debian | debian_linux | — | — |
| debian | erlang | < erlang 1:25.2.3+dfsg-1+deb12u1 (bookworm) | erlang 1:25.2.3+dfsg-1+deb12u1 (bookworm) |
| erlang | erlang_otp | < 25.3.2.20 | 25.3.2.20 |
| erlang | erlang_otp | >= 0 < 1:23.2.6+dfsg-1+deb11u2 | 1:23.2.6+dfsg-1+deb11u2 |
| erlang | erlang_otp | >= 0 < 1:25.2.3+dfsg-1+deb12u1 | 1:25.2.3+dfsg-1+deb12u1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| osv | — | 10.0 | CRITICAL | — |
| vulncheck | — | 10.0 | CRITICAL | — |
| cisa | — | 10.0 | CRITICAL | — |