Ethical Hacking News
A newly disclosed critical vulnerability in Erlang/OTP SSH allows unauthenticated attackers to remotely execute code on impacted devices, putting telecom, database, and high-availability systems at risk. Public exploits are now available for the CVE-2025-32433 bug, which was fixed in versions 25.3.2.10 and 26.2.4. With over 600,000 IP addresses running Erlang/OTP, threat actors will soon begin scanning for vulnerable systems, prompting experts to urge immediate patching of devices running the daemon.
CVE-2025-32433, a critical Erlang/OTP SSH vulnerability, has public exploits available. The bug allows unauthenticated attackers to remotely execute code on impacted devices. The flaw was fixed in versions 25.3.2.10 and 26.2.4, but updating devices may be challenging due to the platform's common use in telecom infrastructure. Multiple cybersecurity researchers have created private exploits that achieve remote code execution on vulnerable devices. Public PoC (Proof of Concept) exploits were published on GitHub and Pastebin, making it easy for threat actors to exploit the vulnerability. The risk is high due to the widespread use of Erlang/OTP SSH in critical infrastructure and telecommunication systems. It's strongly advised that all devices running Erlang OTP SSH be upgraded immediately to prevent exploitation by threat actors.
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
By Lawrence Abrams
April 19, 2025
10:05 AM
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices.
Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable.
"The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication," reads a disclosure on the OpenWall vulnerability mailing list.
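Detection logic for the pre-authentication condition the disclosure describes, as an added example that is not part of the original article or of Erlang/OTP: it walks a per-connection sequence of SSH message numbers and flags any connection-protocol message (RFC 4250 numbers 80 to 127, such as SSH_MSG_CHANNEL_OPEN) that arrives before SSH_MSG_USERAUTH_SUCCESS (52). The log line format and connection ids are assumptions constructed for the example.

```python
import re

# SSH message numbers from RFC 4250 / RFC 4252 / RFC 4254.
SSH_MSG_USERAUTH_SUCCESS = 52
# RFC 4250 reserves 80-89 (connection generic) and 90-127 (channel related)
# for the connection protocol; none should arrive before authentication.
CONNECTION_PROTOCOL_MSGS = range(80, 128)
MSG_NAMES = {90: "SSH_MSG_CHANNEL_OPEN", 98: "SSH_MSG_CHANNEL_REQUEST"}

# Assumed log line format (constructed for this example), one SSH packet per line.
LOG_RE = re.compile(r"conn=(?P<conn>\S+)\s+msg=(?P<msg>\d+)")

def parse_log(text):
    """Yield (connection_id, message_number) pairs in arrival order."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("conn"), int(m.group("msg"))

def audit_ssh_messages(events):
    """Return {conn_id: [msg numbers]} for every connection that sent
    connection-protocol messages before SSH_MSG_USERAUTH_SUCCESS was seen."""
    authenticated = set()
    findings = {}
    for conn_id, msg in events:
        if msg == SSH_MSG_USERAUTH_SUCCESS:
            authenticated.add(conn_id)
        elif msg in CONNECTION_PROTOCOL_MSGS and conn_id not in authenticated:
            findings.setdefault(conn_id, []).append(msg)
    return findings

# Constructed sample: conn-1 authenticates (msg 52) before opening a channel;
# conn-2 jumps straight from key exchange to channel messages.
SAMPLE_LOG = """\
2025-04-19T10:05:00Z conn=conn-1 msg=20
2025-04-19T10:05:00Z conn=conn-1 msg=30
2025-04-19T10:05:01Z conn=conn-1 msg=50
2025-04-19T10:05:01Z conn=conn-1 msg=52
2025-04-19T10:05:02Z conn=conn-1 msg=90
2025-04-19T10:05:02Z conn=conn-1 msg=98
2025-04-19T10:05:03Z conn=conn-2 msg=20
2025-04-19T10:05:03Z conn=conn-2 msg=30
2025-04-19T10:05:04Z conn=conn-2 msg=90
2025-04-19T10:05:04Z conn=conn-2 msg=98
"""

if __name__ == "__main__":
    for conn_id, msgs in audit_ssh_messages(parse_log(SAMPLE_LOG)).items():
        names = ", ".join(MSG_NAMES.get(m, f"msg {m}") for m in msgs)
        print(f"{conn_id}: pre-auth connection-protocol messages: {names}")
```

A patched daemon rejects such messages before authentication, so on a patched host the flagged connections are attempts rather than compromises; on an unpatched host they warrant an incident response.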
The flaw was fixed in versions 25.3.2.10 and 26.2.4, but as the platform is commonly used in telecom infrastructure, databases, and high-availability systems, it may not be easy to update devices immediately.
However, the situation has become more urgent, as multiple cybersecurity researchers have privately created exploits that achieve remote code execution on vulnerable devices.
This includes Peter Girnus of the Zero Day Initiative and researchers from Horizon3, who said the flaw was surprisingly easy to exploit.
Soon after, PoC exploits were published on GitHub by ProDefense, and another was published anonymously on Pastebin, with both quickly shared on social media.
Girnus confirmed to BleepingComputer that ProDefense's PoC is valid but was not able to successfully exploit Erlang/OTP SSH using the one posted to Pastebin.
Now that public exploits are available, threat actors will soon begin scanning for vulnerable systems and exploiting them.
"SSH is the most commonly used remote access management protocol so I expect this combination to be widespread in critical infrastructure," Girnus told BleepingComputer.
"It's a bit concerning especially considering how frequently telcos are targeted by nation state APTs such as Volt and Salt Typhoon for example."
Girnus refers to the Chinese state-sponsored hacking groups responsible for hacking edge networking equipment and breaching telecommunications providers in the US and worldwide.
While it is unclear how many devices are utilizing the Erlang OTP's SSH daemon, over 600,000 IP addresses are running Erlang/OTP according to a Shodan query shared by Girnus.
"These are mostly CouchDB instances, CouchDB is implemented in Erlang and runs on the Erlang/OTP platform," the researcher explained in a chat about the public exploits.
Now that public exploits are available, it is strongly advised that all devices running Erlang OTP SSH be upgraded immediately before threat actors compromise them.
Published: Sat Apr 19 16:49:51 2025 by llama3.2 3B Q4_K_M