CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Published: Apr 16, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-32433
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 10
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
erlang / erlang/otp	-	25.3.2.20
erlang / erlang/otp	26.0	26.2.5.11
erlang / erlang/otp	27.0	27.3.3
cisco / confd_basic	-	7.7.19.1
cisco / confd_basic	8.0.18	8.1.16.2
cisco / confd_basic	8.2	8.2.11.1
cisco / confd_basic	8.3	8.3.8.1
cisco / confd_basic	8.4	8.4.4.1
cisco / network_services_orchestrator	-	5.7.19.1
cisco / network_services_orchestrator	5.8	6.1.16.2
cisco / network_services_orchestrator	6.2	6.2.11.1
cisco / network_services_orchestrator	6.3	6.3.8.1
cisco / network_services_orchestrator	6.4	6.4.1.1
cisco / network_services_orchestrator	6.4.2	6.4.4.1
cisco / smart_phy	-	25.2
cisco / cloud_native_broadband_network_gateway	-	2025.03.1
cisco / optical_site_manager	-	25.2.1
cisco / ncs_2000_shelf_virtualization_orchestrator_firmware	-	25.1.1
cisco / enterprise_nfv_infrastructure_software	-	4.18
cisco / ultra_cloud_core	-	2025.03.1
cisco / staros	-	2025.03
cisco / ultra_packet_core	-	2025.03
debian / debian_linux	11.0	11.0.x

Vulnerability Database

300,830

CVE-2025-32433

Deep Security Visibility Without the Complexity