PoC Exploit Released for Critical Unauthenticated RCE in Erlang/OTP

A critical security alert has been issued for organizations using Erlang/OTP after researchers published a proof-of-concept (PoC) exploit for a severe remote code execution (RCE) vulnerability, tracked as CVE-2025-32433.

The flaw, which affects the SSH implementation in Erlang/OTP, now presents an active exploitation risk, prompting urgent calls for immediate remediation.

Vulnerability Details and Impact

Discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of Ruhr University Bochum, CVE-2025-32433 is rated with the maximum CVSS score of 10.0, underscoring its criticality.

The vulnerability arises from improper handling of SSH protocol messages, enabling unauthenticated attackers to send malicious payloads during the SSH connection phase, before authentication occurs.

This allows remote adversaries to execute arbitrary code on affected systems without needing credentials.

If the SSH daemon runs with root privileges, successful exploitation grants attackers full control over the target system.

This could lead to manipulation of sensitive data, deployment of ransomware, infrastructure hijacking, or denial-of-service attacks. “This vulnerability is a worst-case scenario for exposed systems,” the researchers warned, highlighting the potential for widespread compromise.

Erlang/OTP’s SSH library is widely deployed in telecommunications, IoT, and high-availability environments, powering platforms such as RabbitMQ, Elixir, and CouchDB.

The supply chain risk is significant, as Erlang is embedded in critical infrastructure, including devices from major vendors like Cisco and Ericsson.

Active Exploitation and Public PoC

The urgency escalated after multiple researchers, including those from Horizon3 and the Zero Day Initiative, reported that the flaw was “surprisingly easy” to exploit.

Public PoC exploits soon appeared on GitHub and Pastebin, rapidly circulating on social media and raising the risk of mass exploitation.

Mitigation and Recommendations

The Erlang/OTP team released patches on April 16, 2025. All users running affected versions—OTP-27.3.2 and earlier, OTP-26.2.5.10 and earlier, OTP-25.3.2.19 and earlier—are urged to upgrade immediately to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20.

For systems where immediate patching is not possible, administrators should:

  • Restrict SSH access using firewall rules or limit connections to trusted IPs.
  • Disable the SSH service if not essential.
  • Audit systems for unusual activity, as exploitation may have occurred before patch deployment.
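As an added example, not code from this article or from the Erlang/OTP project, the following Python script triages an inventory of OTP version strings against the fixed releases listed above; the host names and versions in SAMPLE_INVENTORY are constructed, and reporting release lines the advisory does not name as "unknown" is this script's own convention.

```python
# Added example, not the article's or the Erlang/OTP project's code: triage OTP
# version strings against the first fixed releases the advisory names.

# First fixed release per release line, from the advisory: OTP-27.3.3,
# OTP-26.2.5.11 and OTP-25.3.2.20.
FIXED_BY_LINE = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text: str) -> tuple[int, ...]:
    """Turn 'OTP-26.2.5.10' or '26.2.5.10' into a comparable tuple of ints."""
    text = text.strip()
    if text.upper().startswith("OTP-"):
        text = text[4:]
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an OTP version string: {text!r}")
    return tuple(int(p) for p in parts)

def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one OTP version.

    Tuple comparison copes with patch levels of differing length: (26, 2, 5)
    sorts before (26, 2, 5, 11) and is therefore still vulnerable. Release
    lines the advisory does not name (24.x and older, 28+) come back as
    'unknown' so they are checked with the vendor, not assumed safe.
    """
    v = parse_otp_version(version)
    fixed = FIXED_BY_LINE.get(v[0])
    if fixed is None:
        return "unknown"
    return "patched" if v >= fixed else "vulnerable"

def triage(inventory: str) -> dict[str, str]:
    """Map 'host version' lines (blank lines ignored) to a status per host."""
    result = {}
    for line in inventory.splitlines():
        if line.strip():
            host, version = line.split(maxsplit=1)
            result[host] = assess(version)
    return result

# Constructed sample inventory. An installation's full version string is in its
# OTP_VERSION file (e.g. releases/27/OTP_VERSION); erlang:system_info(otp_release)
# reports only the major release and is not enough for this check.
SAMPLE_INVENTORY = """\
rabbit-01   OTP-26.2.5.10
couch-02    OTP-27.3.3
edge-gw-07  25.3.2.19
legacy-03   OTP-24.3.4
"""
```

Run `triage(SAMPLE_INVENTORY)` to get a per-host status; any host reported as vulnerable or unknown should be patched or verified before the SSH service is left reachable.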

Industry Response

Cybersecurity agencies worldwide have issued alerts, emphasizing the need for prioritized remediation.

The Ruhr University team stressed transparency and rapid response, stating, “Organizations must act now—this is not a theoretical risk.”

With the PoC code now public and the vulnerability trivial to exploit, CVE-2025-32433 poses an imminent threat to a vast number of systems globally.

Organizations relying on Erlang/OTP for SSH connectivity must treat this vulnerability with the highest urgency to prevent potentially catastrophic breaches.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
