Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild
Essential information
- Published
- 11/08/2025 14:56
- Modified
- 11/08/2025 15:42
- Tags
- 2025-08-11 CVE-2025-32433 critical-infrastructure erlang/otp exploit operational technology remote code execution ssh vulnerability
- Related entities
- 1 vulnerabilities (cve), 2 observables, 13 techniques (mitre), 16 others
Description
A critical vulnerability (CVE-2025-32433) in Erlang/OTP's SSH daemon allows unauthenticated remote code execution, affecting critical infrastructure and operational technology networks. With a CVSS score of 10.0, it enables command execution by sending SSH connection protocol messages to open ports. Exploit attempts peaked from May 1-9, 2025, with 70% of detections in OT networks. The vulnerability impacts industries like healthcare, agriculture, media, and high technology. Malicious payloads observed include reverse shells for unauthorized access. Geographic distribution shows high impact in countries like Japan, the U.S., and Brazil. The exploit attempts occur in concentrated bursts, disproportionately affecting OT environments across diverse sectors.