Erlang SSH Vulnerability: A Hack-tastrophe Waiting to Happen!
Erlang/OTP SSH library’s critical vulnerability, CVE-2025-32433, could lead to device takeovers. Discovered by researchers at Ruhr University Bochum, this flaw allows attackers to send protocol messages pre-authentication, potentially executing arbitrary code. Devices using Erlang’s SSH library, including many Cisco and Ericsson systems, are at risk. Patch now or risk a hacker’s uninvited guest appearance!

Hot Take:
Forget Trick or Treat, it’s Trick or Hack! The Erlang/OTP SSH library just handed out the scariest Halloween surprise with a vulnerability so critical, it practically screams “Welcome, hackers!” If your device’s SSH daemon is running as root, it’s time to pray it’s not yet the latest victim of “CVE-2025-32433: The Great Device Takeover”.

Key Points:
- Erlang/OTP SSH library is hit by a critical vulnerability, CVE-2025-32433, with a CVSS score of 10.
- The flaw allows attackers to send SSH protocol messages before authentication, leading to potential device takeover.
- This vulnerability affects all SSH servers using the Erlang/OTP SSH library, particularly those used for remote access.
- Patches are available in releases OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20; firewall rules serve as a temporary workaround.
- Devices from major companies like Cisco and Ericsson, and various OT/IoT devices are at risk.
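
An added example (not from the original article or the Erlang/OTP project): a Python triage helper that compares Erlang/OTP version strings from an asset inventory against the fixed releases listed above. The status labels, the treatment of release lines older than 25 or newer than 27, and the sample hosts are assumptions; a "vulnerable" result matters only where the Erlang SSH server is actually in use.

```python
import re

# Fixed releases named on this page, keyed by OTP major release line.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}


def parse_otp_version(text):
    """Turn 'OTP-26.2.5.11' or '26.2.5.11' into (26, 2, 5, 11); None if malformed."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def _pad(version, width):
    # Pad with zeros so (26, 2, 5) compares as 26.2.5.0, not as a shorter tuple.
    return version + (0,) * (width - len(version))


def classify(text):
    """Classify one version string against the fixed releases listed above."""
    version = parse_otp_version(text)
    if version is None:
        return "unparseable"  # e.g. release candidates: review by hand
    major = version[0]
    if major in FIXED:
        fixed = FIXED[major]
        width = max(len(version), len(fixed))
        ok = _pad(version, width) >= _pad(fixed, width)
        return "patched" if ok else "vulnerable"
    if major < min(FIXED):
        # Assumption: older lines are affected and the page lists no fix for them.
        return "vulnerable-no-fix-listed"
    # Assumption: lines newer than those on the page need the vendor advisory.
    return "not-covered"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample data.
    inventory = {
        "gw-01": "OTP-27.3.3",
        "gw-02": "26.2.5.10",
        "plc-07": "24.3.4.17",
        "lab-03": "27.0-rc1",
    }
    for host, ver in inventory.items():
        print(f"{host:8} {ver:12} {classify(ver)}")
```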