KEVIntel
PRO Back to KEVs
10.0
CVSS
Critical

CVE-2025-32433

PUBLISHED

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

1 day faster than CISA KEV

Exploited in the wild PoC available Remote Low complexity No user interaction
Vendor
erlang
Product
otp
Published
Apr 16, 2025
EPSS
59.3% · 98% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

cisa

Weaknesses (CWE)

  • CWE-306

    Missing Authentication for Critical Function

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:30:39 UTC · CISA

Proof of concept available

Recorded 2025-04-24 21:14:12 UTC · GitHub

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2026-06-01 10:32 UTC
CISA 2026-06-02 14:07 UTC

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ssh_erlangotp_rce.rb Jun 09, 2025

Recent mentions

Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help

Tenable Blog · Apr 25, 2025

Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here’s how Tenable’s Vulnerability Watch classification system can help.BackgroundOver the past six years working in Tenable’s research organization, I’ve watched known vulnerabilities and zero-day flaws plague organizations in the immediate aftermath of disclosure or even years afterwards. Following each blog post or threat report we’ve published, I kept coming back to the same question: Why are so many organizations struggling to remediate vulnerabilities in a timely manner?As someone who followed the evolution of COVID-19 variants throughout the beginning of the pandemic, I saw that the World Health Organization (WHO) began to label new variants under a classification system as the virus began to mutate. This classification system was designed to help prioritization efforts for monitoring and research. It included accessible labels like variants of interest and variants of concern to help communicate urgency and focus global attention.I began to wonder: What if we borrowed from the same type of classification system used by the WHO and applied it to vulnerability intelligence? Numeric-based systems like the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) provide mechanisms for prioritization based on scoring. However, they don’t always provide enough context to help decision makers. So, what if we used simple, clear and status-based terminology to communicate risks surrounding vulnerabilities in order to guide action?This led us to develop Vulnerability Watch, a classification system for vulnerabilities inspired by the WHO’s classification of COVID-19 variants. Vulnerability Watch is a small, but important part of Tenable’s Vulnerability Intelligence offering that was launched in 2024. Now,…

Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025

Cisco Security Advisory · Apr 25, 2025

On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an affected device. The vulnerability is due to a flaw in the handling of SSH messages during the authentication phase. For a description of this vulnerability, see the Erlang announcement. This advisory will be updated as additional information becomes available. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy Security Impact Rating: Critical CVE: CVE-2025-32433

CVE-2025-32433

Horizon3.ai Attack Research · Apr 21, 2025

Full RCE Vulnerability in Erlang/OTP

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

MrDreamReal/CVE-2025-32433

github · Created 2025-04-27 02:18:55 UTC · 0 stars

CVE-2025-32433 Summary and Attack Overview

becrevex/CVE-2025-32433

github · Created 2025-04-25 15:57:40 UTC · 1 stars

Erlang OTP SSH NSE Discovery Script

0x7556/CVE-2025-32433

github · Created 2025-04-25 15:31:21 UTC · 1 stars

CVE-2025-32433 Erlang/OTP SSH RCE Exploit SSH远程代码执行漏洞EXP

rizky412/CVE-2025-32433

github · Created 2025-04-24 21:14:12 UTC · 0 stars

CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

ps-interactive/lab_CVE-2025-32433

github · Created 2025-04-24 13:22:06 UTC · 0 stars

CVE lab to accompany CVE course for CVE-2025-32433

tobiasGuta/Erlang-OTP-CVE-2025-32433

github · Created 2025-04-23 20:12:50 UTC · 0 stars

This Python script exploits the CVE-2025-32433 vulnerability in certain versions of the Erlang SSH daemon.

meloppeitreet/CVE-2025-32433-Remote-Shell

github · Created 2025-04-19 18:32:34 UTC · 0 stars

Go-based exploit for CVE-2025-32433

omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC

github · Created 2025-04-18 21:11:44 UTC · 8 stars

The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication.

teamtopkarl/CVE-2025-32433

github · Created 2025-04-18 15:06:12 UTC · 1 stars

Erlang/OTP SSH 远程代码执行漏洞

LemieOne/CVE-2025-32433

github · Created 2025-04-18 10:53:19 UTC · 3 stars

Missing Authentication for Critical Function (CWE-306)-Exploit

darses/CVE-2025-32433

github · Created 2025-04-18 10:30:52 UTC · 0 stars

Security research on Erlang/OTP SSH CVE-2025-32433.

Epivalent/CVE-2025-32433-detection

github · Created 2025-04-18 09:56:23 UTC · 0 stars

ekomsSavior/POC_CVE-2025-32433

github · Created 2025-04-18 02:32:41 UTC · 1 stars

ProDefense/CVE-2025-32433

github · Created 2025-04-18 00:35:11 UTC · 85 stars

CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Metasploit

  • Added to KEVIntel

  • KEV confirmed by CISA