Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Post Views: 101

Many devices could be exposed to complete takeover due to a critical vulnerability discovered recently in the Erlang/OTP SSH library.

Erlang/OTP is a collection of libraries, middleware and other tools designed for creating scalable soft real-time systems that require high availability, such as e-commerce, banking, and communications applications.

A team of researchers from Ruhr University Bochum in Germany discovered that Erlang/OTP’s SSH implementation is affected by a critical vulnerability for which they calculated a CVSS score of 10.

Tracked as CVE-2025-32433, the flaw is related to the SSH protocol message handling, which “allows an attacker to send connection protocol messages prior to authentication”.

The researchers said all SSH servers that leverage the Erlang/OTP SSH library are likely to be impacted, and they drew attention to ones used for remote access.

“The vulnerability allows an attacker to execute arbitrary code in the context of the SSH daemon. If your SSH daemon is running as root, the attacker has full access to your device. Consequently, this vulnerability may lead to full compromise of hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks,” the researchers explained.

CVE-2025-32433 has been patched with the release of OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. As a workaround, users can prevent potential attacks using firewall rules, the researchers said.

Qualys researcher Mayuresh Dani told SecurityWeek that the vulnerability could allow a remote attacker to install ransomware or obtain sensitive data.

Advertisement. Scroll to continue reading.

“Erlang is frequently found installed on high-availability systems due to its robust and concurrent processing support. A majority of Cisco and Ericsson devices run Erlang. Any service using Erlang/OTP’s SSH library for remote access such as those used in OT/IoT devices, edge computing devices are susceptible to exploitation,” Dani warned.

Related: GNU C Library Vulnerability Leads to Full Root Access

Related: Critical Vulnerability Found in Apache Roller Blog Server

Related: Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

Source link

What's Hot

Mormon church women embrace new sleeveless sacred undergarments

Gardening can lead to mishaps as scary as any Halloween

Cat in the Hat returns in newly discovered Dr. Seuss manuscript

O2 Service Vulnerability Exposed User Location

Madhu Gottumukkala Officially Announced as CISA Deputy Director

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

Printer Company Procolored Served Infected Software for Months

UK Legal Aid Agency Finds Data Breach Following Cyberattack

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

Billionaire Kwek Leng Beng’s CDL Sells 84% Of Residential Towers Amid Singapore Property Boom

Here’s All The Vineyards, Restaurants And Properties In Which Gavin Newsom Owns Stakes

These Are The Billionaires Cutting Checks To Stop Zohran Mamdani

These Are The Billionaires Cutting Checks To Stop Zohran Mamdani

Mormon church women embrace new sleeveless sacred undergarments

Gardening can lead to mishaps as scary as any Halloween

Cat in the Hat returns in newly discovered Dr. Seuss manuscript

Americans love Halloween and won’t quit spooky season: AP-NORC poll

Our Picks

After Klarna, Zoom’s CEO also uses an AI avatar on quarterly call

Anthropic CEO claims AI models hallucinate less than humans

Anthropic’s latest flagship AI sure seems to love using the ‘cyclone’ emoji

What's Hot

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Related Posts

Subscribe to Updates