Vulnerability details: VCID-k2ft-41tf-mbbs
Vulnerability ID VCID-k2ft-41tf-mbbs
Aliases CVE-2025-32433
Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
epss 0.57795 https://api.first.org/data/v1/epss?cve=CVE-2025-32433
epss 0.61931 https://api.first.org/data/v1/epss?cve=CVE-2025-32433
epss 0.67367 https://api.first.org/data/v1/epss?cve=CVE-2025-32433
epss 0.69817 https://api.first.org/data/v1/epss?cve=CVE-2025-32433
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 10 https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
ssvc Act https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
cvssv3.1 10 https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
ssvc Act https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
cvssv3.1 10 https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
ssvc Act https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
cvssv3.1 10 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
ssvc Act https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-32433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
https://security.netapp.com/advisory/ntap-20250425-0001/
http://www.openwall.com/lists/oss-security/2025/04/16/2
http://www.openwall.com/lists/oss-security/2025/04/18/1
http://www.openwall.com/lists/oss-security/2025/04/18/2
http://www.openwall.com/lists/oss-security/2025/04/18/6
http://www.openwall.com/lists/oss-security/2025/04/19/1
0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
1103442 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442
6eef04130afc8b0ccb63c9a0d8650209cf54892f https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
b1924d37fd83c070055beb115d5d6a6a9490b891 https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
CVE-2025-32433 https://nvd.nist.gov/vuln/detail/CVE-2025-32433
GHSA-37cp-fgq5-7wc2 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
USN-7443-1 https://usn.ubuntu.com/7443-1/
USN-7443-2 https://usn.ubuntu.com/7443-2/
USN-7443-3 https://usn.ubuntu.com/7443-3/
Data source Metasploit
Description This module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH protocol handling to execute commands via the Erlang `os:cmd` function without requiring authentication.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date April 16, 2025
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh/ssh_erlangotp_rce.rb
Data source KEV
Date added June 9, 2025
Description Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date June 30, 2025
Note
This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): changed
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-09T17:53:15Z/ Found at https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): changed
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-09T17:53:15Z/ Found at https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): changed
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-09T17:53:15Z/ Found at https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): changed
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-09T17:53:15Z/ Found at https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Exploit Prediction Scoring System (EPSS)
Percentile 0.98064
EPSS Score 0.57795
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:51:55.412974+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7443-1/ 37.0.0