About Remote Code Execution – Erlang/OTP (CVE-2025-32433) vulnerability

Security Update News

Update Information

Title About Remote Code Execution – Erlang/OTP (CVE-2025-32433) vulnerability
Update ID AVLEONOV:1854CE6BBEBE88AD938E553E4AC0F810
Type avleonov
Published 2025-05-12T20:46:16
Last Updated 2025-05-12T20:46:16

Security Impact

CVSS Score 10.0
Severity CRITICAL
Attack Vector NETWORK

Affected CVEs

  • CVE-2025-32433

Update Details

![About Remote Code Execution – Erlang/OTP \(CVE-2025-32433\) vulnerability](https://avleonov.com/wp-content/uploads/2025/05/photo_813@12-05-2025_23-46-16.jpg)

**About Remote Code Execution – Erlang/OTP (CVE-2025-32433) vulnerability.** Erlang is a programming language used to build massively scalable soft real-time systems with requirements for high availability. It is used in telecom, banking, e-commerce, telephony, and messaging. OTP is a set of Erlang libraries and design principles providing middleware to develop these systems.

A message handling vulnerability in the Erlang/OTP SSH server allows an unauthenticated attacker to execute arbitrary code. The code runs in the context of the SSH daemon. If the daemon is running as root, this grants full control over the device.

🔻 The vendor bulletin was released on April 16. Updated versions: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

🔻 On April 17, a write-up and a PoC exploit (developed using AI) appeared on the Platform Security blog.

🔻 Cisco devices are affected – and likely not the only ones. 😏

👾 No signs of exploitation in the wild so far.
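A patch-triage check built on the updated versions listed above, added here as an example and not taken from the original post or the vendor bulletin. It assumes you already collect each host's OTP version string (for example from the `OTP_VERSION` file in the Erlang installation); the host names and versions in `INVENTORY` are constructed, and branches the post does not list are reported as `unknown` rather than guessed.

```python
import re

# Fixed releases per major branch, exactly as listed in the post.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}


def parse_otp_version(text):
    """Return the version as a tuple of ints, or None if it is not purely numeric."""
    m = re.fullmatch(r"\s*(?:OTP-)?(\d+(?:\.\d+)*)\s*", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def _pad(version, length):
    """Right-pad with zeros so 26.2.5 compares as 26.2.5.0."""
    return version + (0,) * (length - len(version))


def triage(text):
    """Classify one OTP version string against the fixed releases.

    'patched'      at or above the fixed release of its branch
    'needs_update' same branch, below the fixed release
    'unknown'      unparsable (e.g. release candidates) or a branch not in the post
    """
    version = parse_otp_version(text)
    if version is None or version[0] not in FIXED:
        return "unknown"
    fixed = FIXED[version[0]]
    width = max(len(version), len(fixed))
    return "patched" if _pad(version, width) >= _pad(fixed, width) else "needs_update"


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory: host names and versions are made up for this example.
INVENTORY = {
    "mq-01": "OTP-27.3.3",
    "mq-02": "26.2.5.10",
    "billing-01": "25.3.2.21",
    "legacy-01": "24.3.4",
}

if __name__ == "__main__":
    # Version alone does not show whether the OTP SSH server is enabled on a host,
    # and OTP bundled inside vendor products may not appear in an inventory at all.
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Treat `unknown` results as items for manual review against the vendor bulletin, not as cleared hosts.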
