Article Details
Scrape Timestamp (UTC): 2025-08-11 15:11:21.502
Source: https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html
Original Article Text
Click to Toggle View
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls. Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code. It was patched in April 2025 with versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. Then in June 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. "At the heart of Erlang/OTP's secure communication capabilities lies its native SSH implementation — responsible for encrypted connections, file transfers and most importantly, command execution," Palo Alto Networks Unit 42 researchers Adam Robbie, Yiheng An, Malav Vyas, Cecilia Hu, Matthew Tennis, and Zhanhao Chen said. "A flaw in this implementation would allow an attacker with network access to execute arbitrary code on vulnerable systems without requiring credentials, presenting a direct and severe risk to exposed assets." The cybersecurity company's analysis of telemetry data has revealed that over 85% of exploit attempts have primarily singled out healthcare, agriculture, media and entertainment, and high technology sectors in the U.S., Canada, Brazil, India, and Australia, among others. In the attacks observed, the successful exploitation of CVE-2025-32433 is followed by the threat actors using reverse shells to gain unauthorized remote access to target networks. It's currently not known who is behind the efforts. "This widespread exposure on industrial-specific ports indicates a significant global attack surface across OT networks," Unit 42 said. "Analysis of affected industries demonstrates variance in the attacks." "Attackers are attempting to exploit the vulnerability in short, high-intensity bursts. These are disproportionately targeting OT networks and attempting to access exposed services over both IT and industrial ports."
Daily Brief Summary
A critical flaw in Erlang/OTP SSH, CVE-2025-32433, is being actively exploited, affecting OT firewalls and posing significant risks to operational technology networks.
Approximately 70% of exploit detections are linked to OT networks, with attackers leveraging the vulnerability to execute arbitrary code without credentials.
The vulnerability, with a CVSS score of 10.0, was patched in April 2025, but remains a target due to its severe impact on encrypted communications and command execution.
U.S. CISA added this flaw to its Known Exploited Vulnerabilities catalog in June 2025, acknowledging its active exploitation and potential threat to critical infrastructure.
Attackers have primarily targeted sectors such as healthcare, agriculture, media, and high technology across multiple countries, including the U.S., Canada, and India.
Exploitation often involves using reverse shells for unauthorized remote access, indicating a sophisticated approach to compromising network security.
The widespread exposure of this flaw underscores the need for immediate patching and enhanced security measures in vulnerable sectors to mitigate potential breaches.