Cisco is investigating the impact of a recently disclosed Erlang/OTP vulnerability and it has confirmed that several of its products are affected by the critical remote code execution flaw.
It came to light last week that a critical vulnerability allowing device takeover was discovered in the SSH implementation of Erlang/OTP, a collection of libraries, middleware and other tools designed for creating soft real-time systems that require high availability, such as banking, e-commerce, and communications applications.
The flaw, discovered by a team of researchers from Ruhr University Bochum in Germany, is tracked as CVE-2025-32433, and it has been described as an SSH protocol message handling issue that can allow an unauthenticated attacker to gain access to affected systems and execute arbitrary code.
The researchers warned that exploitation can lead to “full compromise of hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks”.
CVE-2025-32433 has been patched in OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. Previous versions are impacted.
Shortly after the existence of the flaw came to light, the cybersecurity community discovered that exploitation of CVE-2025-32433 is “easy” and technical details and PoC exploits became publicly available within 24 hours.
Qualys researcher Mayuresh Dani told SecurityWeek when the bug was disclosed that many devices may be vulnerable to attacks considering that a majority of Cisco and Ericsson devices run Erlang.
“Any service using Erlang/OTP’s SSH library for remote access such as those used in OT/IoT devices, edge computing devices are susceptible to exploitation,” Dani warned.
SOC company Arctic Wolf has also analyzed potential impact and pointed out that in addition to Ericsson and Cisco, which bundle Erlang with multiple products, the software is used by National Instruments, Broadcom, EMQ Technologies, Very Technology, Apache Software Foundation, and Riak Technologies. However, these typically require the separate installation of Erlang/OTP.
Cisco, which in 2018 estimated that 90% of internet-traffic went through Erlang-controlled nodes, has published an advisory this week to inform customers that it’s investigating the impact of the vulnerability on its products.
Several routing, switching, unified computing, network management and network application products are still under investigation, but Cisco has confirmed that ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core products are affected.
The networking giant pointed out that while ConfD and NSO are impacted — patches are expected to be released in May — they are not vulnerable to remote code execution because of their configuration.
At the time of writing there do not appear to be any public reports describing in-the-wild exploitation of CVE-2025-32433.
Related: Critical Vulnerability Found in Apache Roller Blog Server
Related: GNU C Library Vulnerability Leads to Full Root Access
Related: Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers
