216.73.217.86

Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

· Published 11/08/2025 14:56 · Modified 11/08/2025 15:42

Export JSON

Essential information

Published
11/08/2025 14:56
Modified
11/08/2025 15:42
Tags
2025-08-11 CVE-2025-32433 critical-infrastructure erlang/otp exploit operational technology remote code execution ssh vulnerability
Related entities
1 vulnerabilities (cve), 2 observables, 13 techniques (mitre), 16 others

Description

A critical () in 's daemon allows unauthenticated , affecting critical infrastructure and networks. With a CVSS score of 10.0, it enables command execution by sending connection protocol messages to open ports. attempts peaked from May 1-9, 2025, with 70% of detections in OT networks. The impacts industries like healthcare, agriculture, media, and high technology. Malicious payloads observed include reverse shells for unauthorized access. Geographic distribution shows high impact in countries like Japan, the U.S., and Brazil. The attempts occur in concentrated bursts, disproportionately affecting OT environments across diverse sectors.

External references