All news with #erlang otp tag
Mon, August 11, 2025
Erlang/OTP SSH RCE: CVE-2025-32433 Exploitation Wave
#Active Exploitation
#Auth Bypass
#Erlang OTP
#Exploit Detected
#Patch
#RCE
#Security Advisory
#Threat Report
⚠️ Unit 42 details active exploitation of CVE-2025-32433, a critical (CVSS 10.0) unauthenticated RCE in the Erlang/OTP SSH daemon, which processes SSH protocol messages prior to authentication. Researchers reproduced and validated the bug and observed exploit bursts from May 1–9, 2025, with payloads delivering reverse shells and DNS-based callbacks to randomized subdomains. The immediate remediation is to upgrade to OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 (or later); temporary measures include disabling SSH, restricting access and applying Unit 42 signature 96163.