Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Post Views: 11

Many devices could be exposed to complete takeover due to a critical vulnerability discovered recently in the Erlang/OTP SSH library.

Erlang/OTP is a collection of libraries, middleware and other tools designed for creating scalable soft real-time systems that require high availability, such as e-commerce, banking, and communications applications.

A team of researchers from Ruhr University Bochum in Germany discovered that Erlang/OTP’s SSH implementation is affected by a critical vulnerability for which they calculated a CVSS score of 10.

Tracked as CVE-2025-32433, the flaw is related to the SSH protocol message handling, which “allows an attacker to send connection protocol messages prior to authentication”.

The researchers said all SSH servers that leverage the Erlang/OTP SSH library are likely to be impacted, and they drew attention to ones used for remote access.

“The vulnerability allows an attacker to execute arbitrary code in the context of the SSH daemon. If your SSH daemon is running as root, the attacker has full access to your device. Consequently, this vulnerability may lead to full compromise of hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks,” the researchers explained.

CVE-2025-32433 has been patched with the release of OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. As a workaround, users can prevent potential attacks using firewall rules, the researchers said.

Qualys researcher Mayuresh Dani told SecurityWeek that the vulnerability could allow a remote attacker to install ransomware or obtain sensitive data.

Advertisement. Scroll to continue reading.

“Erlang is frequently found installed on high-availability systems due to its robust and concurrent processing support. A majority of Cisco and Ericsson devices run Erlang. Any service using Erlang/OTP’s SSH library for remote access such as those used in OT/IoT devices, edge computing devices are susceptible to exploitation,” Dani warned.

Related: GNU C Library Vulnerability Leads to Full Root Access

Related: Critical Vulnerability Found in Apache Roller Blog Server

Related: Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers

Source link

What's Hot

Infowars: Chinese AI memes and US media barbs | Donald Trump

Is the US dollar at risk of a ‘confidence crisis’? | Business and Economy News

Supreme Court case pits religious rights versus schools’ use of LGBTQ books

The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools

In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged

Cy4Data Labs Raises $10 Million to Secure Data in Use

Live Events Giant Legends International Hacked

Ahold Delhaize Confirms Data Stolen in Ransomware Attack

Fresh Windows NTLM Vulnerability Exploited in Attacks

Elon Musk Has Made Many People Rich. Not His Ex-Wives

Scale AI Cofounder Is The World’s Youngest Self-Made Woman Billionaire

Columbia University, Target Of Trump’s Ire, Pays The President Millions

Seattle Crosswalks Hacked To Sound Like Jeff Bezos

Infowars: Chinese AI memes and US media barbs | Donald Trump

Is the US dollar at risk of a ‘confidence crisis’? | Business and Economy News

Supreme Court case pits religious rights versus schools’ use of LGBTQ books

Unbeaten Pakistan wrap up Women’s World Cup qualifiers with 7-wicket win over Bangladesh – Sport

Our Picks

OpenAI’s new reasoning AI models hallucinate more

Everything you need to know about the AI chatbot

ChatGPT is referring to users by their names unprompted, and some find it ‘creepy’

What's Hot

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Related Posts

Subscribe to Updates