anonhaven
Ad

CVE-2025-32433

CRITICAL CVSS 3.1: 10.0 EPSS 50.3%
Updated Nov 04, 2025
Erlang
Parameter Value
CVSS 10.0 (CRITICAL)
Affected Versions 26.0 — 8.4.4.1
Fixed In 25.3.2.20
Type CWE-306 (Missing Authentication for Critical Function)
Vendor Erlang
Public PoC Yes

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.

This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

Vulnerable Products 47

Configuration From (including) Up to (excluding)
Erlang Erlang\/Otp
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
 25.3.2.20
Erlang Erlang\/Otp
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
 26.0 26.2.5.11
Erlang Erlang\/Otp
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
 27.0 27.3.3
Cisco Confd_Basic
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
 7.7.19.1
Cisco Confd_Basic
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
 8.0.18 8.1.16.2
Cisco Confd_Basic
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
 8.2 8.2.11.1
Cisco Confd_Basic
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
 8.3 8.3.8.1
Cisco Confd_Basic
cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*
 8.4 8.4.4.1
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 5.7.19.1
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 5.8 6.1.16.2
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 6.2 6.2.11.1
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 6.3 6.3.8.1
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 6.4 6.4.1.1
Cisco Network_Services_Orchestrator
cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
 6.4.2 6.4.4.1
Cisco Cloud_Native_Broadband_Network_Gateway
cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:*
 2025.03.1
Cisco Inode_Manager
cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*
Cisco Smart_Phy
cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*
 25.2
Cisco Ultra_Packet_Core
cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:*
 2025.03
Cisco Ultra_Services_Platform
cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*
Cisco Staros
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
 2025.03
Cisco Optical_Site_Manager
cpe:2.3:a:cisco:optical_site_manager:*:*:*:*:*:*:*:*
 25.2.1
Cisco Ncs_1001
cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*
Cisco Ncs_1002
cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*
Cisco Ncs_1004
cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*
Cisco Ncs_2000_Shelf_Virtualization_Orchestrator_Firmware
cpe:2.3:o:cisco:ncs_2000_shelf_virtualization_orchestrator_firmware:*:*:*:*:*:*:*:*
 25.1.1
Cisco Ncs_2000_Shelf_Virtualization_Orchestrator_Module
cpe:2.3:h:cisco:ncs_2000_shelf_virtualization_orchestrator_module:-:*:*:*:*:*:*:*
Cisco Enterprise_Nfv_Infrastructure_Software
cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*
 4.18
Cisco Ultra_Cloud_Core
cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:*
 2025.03.1
Cisco Rv160w_Firmware
cpe:2.3:o:cisco:rv160w_firmware:-:*:*:*:*:*:*:*
Cisco Rv160w
cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*
Cisco Rv260_Firmware
cpe:2.3:o:cisco:rv260_firmware:-:*:*:*:*:*:*:*
Cisco Rv260
cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*
Cisco Rv160_Firmware
cpe:2.3:o:cisco:rv160_firmware:-:*:*:*:*:*:*:*
Cisco Rv160
cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*
Cisco Rv260p_Firmware
cpe:2.3:o:cisco:rv260p_firmware:-:*:*:*:*:*:*:*
Cisco Rv260p
cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*
Cisco Rv260w_Firmware
cpe:2.3:o:cisco:rv260w_firmware:-:*:*:*:*:*:*:*
Cisco Rv260w
cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*
Cisco Rv340_Firmware
cpe:2.3:o:cisco:rv340_firmware:-:*:*:*:*:*:*:*
Cisco Rv340
cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*
Cisco Rv340w_Firmware
cpe:2.3:o:cisco:rv340w_firmware:-:*:*:*:*:*:*:*
Cisco Rv340w
cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*
Cisco Rv345_Firmware
cpe:2.3:o:cisco:rv345_firmware:-:*:*:*:*:*:*:*
Cisco Rv345
cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*
Cisco Rv345p_Firmware
cpe:2.3:o:cisco:rv345p_firmware:-:*:*:*:*:*:*:*
Cisco Rv345p
cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References 14

https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
security-advisories@github.com
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
security-advisories@github.com
https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
security-advisories@github.com
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
security-advisories@github.com
http://www.openwall.com/lists/oss-security/2025/04/16/2
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/04/18/1
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/04/18/2
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/04/18/6
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/04/19/1
af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20250425-0001/
af854a3a-2127-422b-91ae-364da2661108
https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share