Erlang/OTP SSH Server Vulnerability Scores Perfect CVSS 10.0
A critical vulnerability in the Erlang/OTP SSH library allows unauthenticated remote code execution with a perfect CVSS 10.0 score, affecting any application using the built-in SSH server.
What happened: A critical vulnerability in the Erlang/OTP SSH library was publicly disclosed, receiving the maximum CVSS base score of 10.0. CVE-2025-32433 allows unauthenticated attackers to execute arbitrary code on systems running the Erlang/OTP SSH daemon by sending specially crafted SSH messages before authentication completes. Proof-of-concept exploits were published within days of disclosure.
Technical details: The vulnerability exists in the SSH protocol message handling in Erlang/OTP's SSH implementation. An attacker can send specific SSH protocol messages during the connection setup phase, before authentication is required, causing the server to execute arbitrary commands. If the SSH daemon runs as root (which is common), the attacker gains root-level access. The flaw affects all versions of Erlang/OTP prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
Who is affected: Any system running an application that uses the Erlang/OTP SSH server component. This includes popular infrastructure software such as CouchDB, RabbitMQ, and various Erlang-based telecom and messaging platforms. The blast radius extends beyond traditional Erlang deployments since many organizations unknowingly run Erlang-based services.
What defenders should do: Update Erlang/OTP to patched versions immediately. If updating is not possible, disable the SSH server component or restrict SSH access to trusted IP addresses through firewall rules. Identify all Erlang-based services in your environment, including indirect dependencies. Monitor SSH logs for connection attempts from unknown sources.
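Identifying affected installations starts with knowing which OTP release each Erlang host actually runs, which is not the same as the major release number `erl` reports. The triage helper below is an added example, not code from the advisory or from the Erlang/OTP project. The three fixed versions it encodes (OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20) come from the advisory text; the function names, the `OTP_VERSION` file lookup, and the handling of major releases outside those three branches (treating everything older as affected and anything newer as fixed) are assumptions of this example.

```python
"""Triage helper for CVE-2025-32433: is an Erlang/OTP install at or above
the fixed release for its branch?

Fixed releases come from the advisory. Everything else here (function
names, how the version is obtained, how out-of-range majors are treated)
is an assumption of this added example.
"""
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Minimum fixed version per major branch, as named in the advisory.
FIXED_BY_MAJOR: Dict[int, Version] = {
    25: (25, 3, 2, 20),
    26: (26, 2, 5, 11),
    27: (27, 3, 3),
}


def parse_otp_version(text: str) -> Version:
    """Extract a dotted OTP version from strings such as 'OTP 26.2.5.3',
    '27.3.1', or the contents of an OTP_VERSION file ('26.2.5.11\\n')."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no OTP version found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(version: Version) -> bool:
    """True if the version is at or above the fixed release for its branch.

    Tuple comparison handles differing lengths correctly: (26, 2, 5) sorts
    below (26, 2, 5, 11), so a short version string is not mistaken for a
    patched one."""
    major = version[0]
    if major in FIXED_BY_MAJOR:
        return version >= FIXED_BY_MAJOR[major]
    if major > max(FIXED_BY_MAJOR):
        # Assumption: any major newer than the three patched branches
        # shipped after the fix. Verify against the vendor's release notes.
        return True
    # Assumption: the advisory says all prior versions are affected and
    # lists no fixed release for majors older than 25, so treat as affected.
    return False


def triage(text: str) -> Dict[str, object]:
    """Turn a raw version string into a triage record with the advisory's
    recommended action."""
    version = parse_otp_version(text)
    patched = is_patched(version)
    action = (
        "no action required for CVE-2025-32433"
        if patched
        else "update Erlang/OTP now; until then disable the ssh daemon "
             "or restrict it to trusted source addresses"
    )
    return {
        "version": ".".join(str(p) for p in version),
        "patched": patched,
        "action": action,
    }


def installed_otp_version() -> Optional[str]:
    """Read the full OTP version of the local install, or None if erl is
    not on PATH. erlang:system_info(otp_release) only yields the major
    ('26'); the full version lives in releases/<major>/OTP_VERSION under
    the OTP root. Assumption of this example: that file exists on the host."""
    if shutil.which("erl") is None:
        return None
    expr = (
        '{ok, V} = file:read_file(filename:join([code:root_dir(), "releases", '
        'erlang:system_info(otp_release), "OTP_VERSION"])), '
        'io:format("~s", [V]), halt().'
    )
    out = subprocess.run(
        ["erl", "-noshell", "-eval", expr],
        capture_output=True, text=True, timeout=30, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample input standing in for an inventory export.
    for line in ["OTP 26.2.5.3", "27.3.3", "25.3.2.20", "24.3.4"]:
        print(triage(line))
    local = installed_otp_version()
    if local:
        print("local install:", triage(local))
```

Run it against the version strings your inventory or configuration-management tool already collects; where a host only reports the major release, treat the result as unknown rather than patched, since the fix landed in patch-level releases within each branch.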
Broader implications: A CVSS 10.0 unauthenticated RCE in a widely used programming language runtime is exceptionally dangerous. The Erlang/OTP SSH implementation is embedded in many infrastructure services, and organizations may not realize they are running vulnerable components. This vulnerability underscores the importance of maintaining comprehensive software inventories that include runtime and library dependencies, not just top-level applications.