A severe vulnerability identified in the Erlang/OTP SSH, designated as CVE-2025-32433, poses a significant risk by enabling unauthenticated remote code execution on susceptible systems. This flaw demands urgent attention and patching to prevent potential exploitation.

Understanding the Vulnerability

The vulnerability, discovered by researchers at Ruhr University Bochum, has been assigned a critical severity score of 10.0. It affects all systems utilizing the Erlang/OTP SSH daemon, necessitating an upgrade to versions 25.3.2.10 or 26.2.4 to mitigate the risk.

Technical Details

Erlang, a programming language renowned for its fault tolerance and concurrency, is widely used in telecommunications and high-availability systems. The Erlang/OTP suite includes libraries and tools, among which is the SSH application for remote access. The CVE-2025-32433 vulnerability stems from improper handling of pre-authentication protocol messages within this SSH daemon.

  • Root Cause: The flaw arises from a defect in SSH protocol message handling, allowing attackers to send connection protocol messages before authentication.
  • Impact: Commands executed via this vulnerability inherit the SSH daemon's privileges, often running as root, which could lead to full system compromise.

Exploitation and Threat Landscape

The Horizon3 Attack Team, known for their expertise in exploit research, has successfully reproduced the vulnerability, describing it as "surprisingly easy" to exploit. They demonstrated a proof-of-concept (PoC) that writes a file as root on affected systems, indicating the potential for rapid development of public PoCs.

Recommendations for Mitigation

Organizations are urged to upgrade to the patched versions immediately to preempt mass exploitation. For systems that cannot be easily updated, such as industrial or mission-critical devices, it is recommended to restrict SSH access to trusted IP addresses or disable the SSH daemon if it is not essential.

The link has been copied!