- Security researchers find a 10/10 flaw in Erlang / OTP SSH
- The horizon3 attack team says that the defect is “surprisingly easy” to exploit
- A fix is available, so users must update now
Erlang / OTP SSH, a set of libraries for the Erlang programming language, bears a vulnerability of maximum severity which allows the execution of the remote code and is “surprisingly easy” to exploit, the researchers warn.
A team of cybersecurity researchers from Ruhr Bochum University (Germany) recently discovered poor manipulation of messages from the Flaw pre-authentication protocol, which affects all versions of Erlang / OTP SSH. It is followed as CVE-2025-32433 and carries a gravity score of 10/10 (criticism).
ERLANG / OTP SSH is a module of the standard ERLANG / OTP library which provides care for the implementation of Customers and Serviers Secred Shell (SSH) in ERLANG applications.
Execution of the remote code
Erlang is a functional programming language and an execution system designed to build very competitive, distributed and tolerant systems with breakdowns. It was initially developed by Ericsson, for use in telecommunications, but has extended to messaging systems, databases and other applications where availability and scalability are essential.
“The problem is caused by a flaw in the management of messages from the SSH protocol which allows an attacker to send connecting protocol messages before authentication,” said a warning on the Diffusion list for OpenWall vulnerability.
Shortly after the news was announced, safety researchers from the Horizon3 attack team tried to reproduce the fault and found that it was “surprisingly easy”, which should be worrying.
“I have just finished the reproduction of the CVE-2025-32433 and to set up a quick POC feat-surprisingly easy,” said the team on X. “would not be shocked if the public POC soon starts to fall. If you follow this, it’s time to take action.”
Acting would mean the application of the patch which is now available and which reduces the risk. Since all old versions are vulnerable, all users are invited to switch to versions 25.3.2.10 and 26.2.4.
Threatening actors are more active in the short window between a fixed corrected and applied by users. Most organizations are not so diligent in terms of fixes, giving cybercriminals a relatively easy feat avenue.
Via Bleeping Compompute
