Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

INFO

Published Date :

2025-04-16T21:34:37.457Z

Last Modified :

2025-04-21T16:38:27.607Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32433 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32433.

URL Resource
http://www.openwall.com/lists/oss-security/2025/04/16/2 cve-icon
http://www.openwall.com/lists/oss-security/2025/04/18/1 cve-icon
http://www.openwall.com/lists/oss-security/2025/04/18/2 cve-icon
http://www.openwall.com/lists/oss-security/2025/04/18/6 cve-icon
http://www.openwall.com/lists/oss-security/2025/04/19/1 cve-icon
https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py cve-icon cve-icon
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 cve-icon cve-icon
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f cve-icon cve-icon
https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891 cve-icon cve-icon
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact