216.73.216.233

CVE-2025-32433

· Published 09/06/2025 02:00 · Modified 27/05/2026 21:40 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2025-32433 2025-04-16CVE-2025-32433CWE-306[email protected]

Essential information

Published
09/06/2025 02:00
Modified
27/05/2026 21:40
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
10.0 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
erlang / otp cpe:2.3:a:erlang:otp:<27.3.3:*:*:*:*:*:*:*
erlang / otp cpe:2.3:a:erlang:otp:<26.2.5.11:*:*:*:*:*:*:*
erlang / otp cpe:2.3:a:erlang:otp:<25.3.2.20:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (5)