A severe vulnerability, tracked as CVE-2025-32433, has been discovered in the Erlang/OTP SSH implementation and affects any system running the Erlang/OTP SSH daemon (the `ssh` application shipped with OTP). The flaw allows unauthenticated remote code execution on affected systems. With SSH being a widely used remote access protocol, the vulnerability poses a significant risk, especially in critical infrastructure. Researchers warn that threat actors could soon begin scanning for and exploiting vulnerable systems.
The vulnerability arises from improper handling of SSH protocol messages received before authentication: an attacker can have commands executed without ever authenticating. This leads to arbitrary code execution with the privileges of the SSH daemon, which often runs as root, fully compromising the system.
The SSH protocol requires authentication to complete before any channel operations are allowed. The vulnerability is that the Erlang/OTP daemon accepts channel operation messages (SSH connection protocol messages such as channel open and channel request) sent before authentication completes, which bypasses that requirement entirely.
Researchers have reproduced the flaw and found it surprisingly easy to exploit; their proof-of-concept (PoC) writes a file as root on affected systems. With PoC exploits already published, the urgency of patching increases.
Mitigations
- Update: Upgrade to OTP-27.3.3 (for OTP-27), OTP-26.2.5.11 (for OTP-26), or OTP-25.3.2.20 (for OTP-25) to fix this issue. Check the version actually running on each host rather than the version you believe was deployed, since embedded and containerised deployments frequently ship an older OTP than the build machine.
- Temporary workaround: Until you can upgrade to a fixed version, disable the SSH server (only hosts that actually start the Erlang SSH daemon, for example via `ssh:daemon/2,3`, are exposed) or restrict access to its listening port with firewall rules so that only trusted management networks can reach it.
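A version check built from the fixed releases listed above, added here as an example and not part of the original article or of the OTP project. It compares an OTP version string component by component against the fix version for its major line. The location of the `OTP_VERSION` file (`<root>/releases/<major>/OTP_VERSION`) is standard in OTP installs; treating majors outside 25 to 27 as "unknown" rather than patched is an assumption, since the advisory names fixes only for those lines.

```shell
#!/bin/sh
# CVE-2025-32433 OTP version check (added example, not from the advisory or OTP).

# Fixed release for an OTP major line, as listed in the advisory above.
# Other majors are not covered by the advisory: report them as "unknown"
# (assumption: they need manual review, not a clean bill of health).
fixed_for_major() {
    case "$1" in
        27) echo 27.3.3 ;;
        26) echo 26.2.5.11 ;;
        25) echo 25.3.2.20 ;;
        *)  echo "" ;;
    esac
}

# version_ge A B -> prints "yes" if A >= B, else "no".
# Dot-separated components are compared numerically, left to right;
# a missing trailing component counts as 0, so 27.3 equals 27.3.0 and
# 26.2.5 is older than 26.2.5.11.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -gt "$bi" ]; then echo yes; return 0; fi
        if [ "$ai" -lt "$bi" ]; then echo no;  return 0; fi
    done
    echo yes
}

# otp_status VERSION -> "patched", "vulnerable" or "unknown".
otp_status() {
    v=$1
    major=${v%%.*}
    fixed=$(fixed_for_major "$major")
    if [ -z "$fixed" ]; then echo unknown; return 0; fi
    if [ "$(version_ge "$v" "$fixed")" = yes ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Read the full version of the OTP install that `erl` on PATH belongs to.
# erlang:system_info(otp_release) only gives the major ("27"); the exact
# patch level lives in <root>/releases/<major>/OTP_VERSION.
installed_otp_version() {
    path=$(erl -noshell -eval \
        'io:format("~s/releases/~s/OTP_VERSION", [code:root_dir(), erlang:system_info(otp_release)]), halt().' \
        2>/dev/null) && cat "$path" 2>/dev/null
}

# Stand-alone use: report on this host when erl is installed.
if command -v erl >/dev/null 2>&1; then
    ver=$(installed_otp_version)
    echo "OTP $ver: $(otp_status "$ver")"
fi
```

Run it on each host that starts the Erlang SSH daemon, or feed `otp_status` a version string taken from a container image or release tarball. A result of `patched` only means the OTP release is at or above the fix; it does not tell you whether the host exposes `ssh:daemon` at all, so pair it with the firewall or disable-the-daemon workaround until the upgrade is confirmed.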