🔴 CVE-2025-32433

CVE-2025-32433 is a critical pre-authentication remote code execution vulnerability in Erlang/OTP SSH servers with a CVSS score of 10.0. The vulnerability allows unauthenticated attackers to execute arbitrary commands by exploiting flaws in SSH protocol message handling, with active exploitation confirmed in the wild.

Risk Level: HIGH_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-04-16

Added to CISA KEV: 2025-06-09 (54 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

CVE-2025-32433 is a critical remote code execution (RCE) vulnerability affecting Erlang/OTP SSH servers [1][2]. Here's what is known about its exploitation:

  • Impact on Internet-Facing Applications/Services: The vulnerability specifically targets SSH servers, which are often exposed to the internet [1]. If you run an Erlang/OTP SSH server exposed to the internet, it is recommended to patch immediately or shut it off [1].
  • Evidence of Active Exploitation: Exploitation of CVE-2025-32433 in Erlang/OTP is active [3]. There have been multiple campaigns observed exploiting this vulnerability, indicating a need for urgent patching [3].
  • Attack Vectors and Exploitation Methods: The vulnerability exists due to a flaw in SSH protocol message handling [4][2]. Exploiting this flaw allows an unauthenticated attacker to execute arbitrary code remotely [4][5][2].
  • Targeted Attacks: While it's not explicitly stated that CVE-2025-32433 has been used in "targeted attacks," the active exploitation and the severity of unauthenticated RCE suggest it could be used in such attacks [3][5].
  • CISA Known Exploited Vulnerabilities Status: CISA has added CVE-2025-32433 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [6].
  • Technical Details about Internet Exploitability: CVE-2025-32433 allows unauthenticated remote threat actors to achieve remote code execution (RCE) in the SSH daemon [5]. The root cause is the flaw in SSH protocol message handling [4][2].

Sources

  1. CVE-2025-32433 - Serious Remote Code Execution in Erlang/OTP ... - cve.news

    Conclusion CVE-2025-32433 is a critical flaw. If you run an Erlang/OTP SSH server exposed to the internet, patch immediately or shut it off. Stay safe—keep up-to-date, subscribe to official Erlang Mailing List for alerts, and always firewall sensitive endpoints. *For more details: Erlang/OTP Securit…

  2. CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code ... - Tenable

    CVE-2025-32433 is a remote code execution (RCE) vulnerability affecting the Erlang/OTP SSH server. The vulnerability exists due to a flaw in the SSH protocol message handling which could allow an unauthenticated attacker to execute arbitrary code.

  3. Observed Exploitation of CVE-2025-32433 in the Wild

    Exploitation of CVE-2025-32433 in Erlang/OTP is active. Multiple campaigns and varied payloads highlight need for urgent patching.

  4. CVE-2025-32433 Detail - NVD

    Vulnerabilities. CVE-2025-32433 Detail. Description. Erlang/OTP is a set of libraries for the Erlang programming language.

  5. CVE-2025-32433: Maximum Severity Unauthenticated... - Arctic Wolf

    CVE-2025-32433 allows unauthenticated remote threat actors to achieve remote code execution (RCE) in the SSH daemon.