Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.

INFO

Published Date: 2025-04-16T21:34:37.457Z

Last Modified: 2026-02-26T18:28:12.084Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-32433 vulnerability.

Vendors Products
Cisco
  • Cloud Native Broadband Network Gateway
  • Confd Basic
  • Enterprise Nfv Infrastructure Software
  • Inode Manager
  • Ncs 1001
  • Ncs 1002
  • Ncs 1004
  • Ncs 2000 Shelf Virtualization Orchestrator Firmware
  • Ncs 2000 Shelf Virtualization Orchestrator Module
  • Network Services Orchestrator
  • Optical Site Manager
  • Rv160
  • Rv160 Firmware
  • Rv160w
  • Rv160w Firmware
  • Rv260
  • Rv260 Firmware
  • Rv260p
  • Rv260p Firmware
  • Rv260w
  • Rv260w Firmware
  • Rv340
  • Rv340 Firmware
  • Rv340w
  • Rv340w Firmware
  • Rv345
  • Rv345 Firmware
  • Rv345p
  • Rv345p Firmware
  • Smart Phy
  • Staros
  • Ultra Cloud Core
  • Ultra Packet Core
  • Ultra Services Platform
Debian
  • Debian Linux
Erlang
  • Erlang/otp
  • Otp

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact