Article Details

Scrape Timestamp (UTC): 2025-04-17 09:20:52.302

Source: https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html

Original Article Text


Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code without any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.

"The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication," Ruhr University Bochum researchers Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk said.

The issue stems from improper handling of SSH protocol messages: the server accepts connection protocol messages before authentication has completed. Successful exploitation could result in arbitrary code execution in the context of the SSH daemon. If the daemon process is running as root, the attacker gains full control of the device, paving the way for unauthorized access to and manipulation of sensitive data or denial-of-service (DoS).

All users running an SSH server based on the Erlang/OTP SSH library are likely affected by CVE-2025-32433. It's recommended to update to versions OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20. As a temporary workaround, access to vulnerable SSH servers can be restricted using appropriate firewall rules.

In a statement shared with The Hacker News, Mayuresh Dani, manager of security research at Qualys, described the vulnerability as extremely critical, saying it can allow a threat actor to perform actions such as installing ransomware or siphoning off sensitive data. "Erlang is frequently found installed on high-availability systems due to its robust and concurrent processing support," Dani said. "A majority of Cisco and Ericsson devices run Erlang."

"Any service using Erlang/OTP's SSH library for remote access, such as those used in OT/IoT devices and edge computing devices, is susceptible to exploitation. Upgrading to the fixed Erlang/OTP or vendor-supported versions will remediate the vulnerability. Should organizations need more time to install upgrades, they should restrict SSH port access to authorized users alone."

Daily Brief Summary

MALWARE // Critical Erlang/OTP SSH Flaw Enables Unauthenticated Code Execution

A critical security flaw was identified in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing unauthenticated arbitrary code execution.

Designated CVE-2025-32433, the vulnerability received the highest severity rating (CVSS 10.0).

Attackers can exploit the flaw by sending SSH connection protocol messages before authentication has completed, leading to arbitrary code execution in the context of the SSH daemon.
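The root cause described above and in the original article is a layering failure: the server dispatches connection-protocol messages (channel open, channel request) before it has sent SSH_MSG_USERAUTH_SUCCESS. The following is an added example, not code from the article or from the Erlang/OTP project: a minimal server-side guard that models the check a correct implementation needs, replayed over two constructed message traces. The message numbers are the public RFC 4250/4252/4254 assignments; tearing the session down on a pre-auth connection-protocol message is this example's own choice, not a description of the OTP patch.

```python
# Added example (not from the article or the Erlang/OTP project): a minimal
# server-side guard enforcing the SSH layering the article describes, so that
# connection-protocol messages are refused until authentication has succeeded.
# Message numbers are the public assignments from RFC 4250/4252/4254.
from dataclasses import dataclass, field
from typing import List, Tuple

SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252
SSH_MSG_USERAUTH_SUCCESS = 52   # RFC 4252, sent only by the server
SSH_MSG_CHANNEL_OPEN = 90       # RFC 4254
SSH_MSG_CHANNEL_REQUEST = 98    # RFC 4254

USERAUTH_PROTOCOL = range(50, 80)      # RFC 4250 sec. 4.1.2
CONNECTION_PROTOCOL = range(80, 128)   # RFC 4250 sec. 4.1.2

REJECT = "reject:disconnect"
ACCEPT = "accept"


@dataclass
class ServerAuthGuard:
    """Per-session state: has the server sent SSH_MSG_USERAUTH_SUCCESS yet?"""
    authenticated: bool = False
    audit: List[str] = field(default_factory=list)

    def on_server_send(self, msg: int) -> None:
        # Only the server's own USERAUTH_SUCCESS moves the session past auth.
        if msg == SSH_MSG_USERAUTH_SUCCESS:
            self.authenticated = True

    def on_client_msg(self, msg: int) -> str:
        """Decide whether a client message may be dispatched to its layer.
        Disconnecting on a pre-auth connection-protocol message is this
        example's choice (an assumption), not a description of the OTP fix."""
        if msg in CONNECTION_PROTOCOL and not self.authenticated:
            self.audit.append(f"msg {msg} before USERAUTH_SUCCESS: disconnect")
            return REJECT
        return ACCEPT


def replay(trace: List[Tuple[str, int]]) -> List[Tuple[int, str]]:
    """Run a ('C'|'S', msg_num) trace through the guard and return the decision
    taken for each client message, stopping at the first disconnect."""
    guard = ServerAuthGuard()
    decisions: List[Tuple[int, str]] = []
    for sender, msg in trace:
        if sender == "S":
            guard.on_server_send(msg)
            continue
        decision = guard.on_client_msg(msg)
        decisions.append((msg, decision))
        if decision == REJECT:
            break
    return decisions


# Constructed traces (not captured traffic); transport/kex messages omitted.
NORMAL_TRACE = [("C", SSH_MSG_USERAUTH_REQUEST), ("S", SSH_MSG_USERAUTH_SUCCESS),
                ("C", SSH_MSG_CHANNEL_OPEN), ("C", SSH_MSG_CHANNEL_REQUEST)]
PRE_AUTH_TRACE = [("C", SSH_MSG_CHANNEL_OPEN), ("C", SSH_MSG_CHANNEL_REQUEST)]

if __name__ == "__main__":
    print("normal  :", replay(NORMAL_TRACE))
    print("pre-auth:", replay(PRE_AUTH_TRACE))
```

The same range check is also a usable detection rule for an IDS or a protocol-aware log parser: a channel-layer message number (80..127) observed from a client before the server's SSH_MSG_USERAUTH_SUCCESS on that session is the pattern the advisory describes.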

If exploited, especially on systems where the daemon runs as root, attackers could fully control the device and manipulate or leak sensitive data.

All users running an SSH server based on the Erlang/OTP SSH library are likely affected; updating to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20 is advised.
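To act on the fixed versions named here and in the original article, an operator needs to compare the OTP version actually installed against the fixed release for its major line. The following is an added example, not code from the article or from the Erlang/OTP project: it parses version strings in the `OTP-26.2.5.10` form, classifies them against the three fixed releases from the advisory, and, when a local `erl` is available, reads the full version from the `OTP_VERSION` file that Erlang/OTP ships under `releases/<N>/`. Major lines the article does not list (for example OTP 24) are reported as unknown rather than guessed at.

```python
# Added example (not from the article or the Erlang/OTP project): compares an
# installed OTP version against the fixed releases the article names and
# reports whether the install is on a patched release of its major line.
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

# Fixed releases from the advisory text, keyed by OTP major line.
FIXED_VERSIONS: Dict[int, str] = {27: "27.3.3", 26: "26.2.5.11", 25: "25.3.2.20"}


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Accept 'OTP-26.2.5.10', '26.2.5.10' or raw OTP_VERSION file content and
    return an integer tuple that compares correctly component-wise."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"not an OTP version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(text: str) -> str:
    """Return 'fixed', 'vulnerable: ...' or 'unknown: ...' for one version."""
    version = parse_otp_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        # Major lines other than 25/26/27 are not covered by the article's list.
        return f"unknown: no fixed release listed for the OTP {version[0]} line"
    if version >= parse_otp_version(fixed):
        return "fixed"
    return f"vulnerable: upgrade to OTP-{fixed}"


def installed_otp_version() -> Optional[str]:
    """Read the full version from <root>/releases/<N>/OTP_VERSION through a
    local erl; returns None when no erl is on PATH. The file location is the
    one Erlang/OTP documents; the eval expression is this example's own."""
    if shutil.which("erl") is None:
        return None
    expr = ('{ok, B} = file:read_file(filename:join([code:root_dir(), "releases", '
            'erlang:system_info(otp_release), "OTP_VERSION"])), '
            'io:format("~s", [B]), halt().')
    result = subprocess.run(["erl", "-noshell", "-eval", expr],
                            capture_output=True, text=True, timeout=30)
    return result.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample inputs, then the local install if erl is present.
    for sample in ("OTP-26.2.5.10", "27.3.3", "25.3.2.20", "OTP-24.3.4"):
        print(f"{sample:>14}: {assess(sample)}")
    local = installed_otp_version()
    print("local install :", assess(local) if local else "erl not found")
```

Note that `erlang:system_info(otp_release)` alone only yields the major line (e.g. `26`), which is not enough to tell a patched release from an unpatched one; that is why the script reads the `OTP_VERSION` file. Vendor-built firmware that embeds OTP may report a vendor version instead, in which case the vendor's advisory, not this table, is authoritative.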

Temporary protection can be achieved by restricting access to vulnerable SSH servers through firewall settings.

The flaw is especially critical for high-availability systems and devices using Erlang, such as those manufactured by Cisco and Ericsson.

Close attention and prompt action, including upgrades or access limitations, are necessary to mitigate risks associated with this vulnerability.