{“lastseen”:”2025-08-11T17:12:35″,”description”:”\\n\\nMalicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang\/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks.\\n\\nThe vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an attacker with network access to an Erlang\/OTP SSH server to execute arbitrary code. It was patched in April 2025 with versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.\\n\\nThen in June 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\\n\\n\\”At the heart of Erlang\/OTP’s secure communication capabilities lies its native SSH implementation \u2014 responsible for encrypted connections, file transfers and most importantly, command execution,\\” Palo Alto Networks Unit 42 researchers Adam Robbie, Yiheng An, Malav Vyas, Cecilia Hu, Matthew Tennis, and Zhanhao Chen said.\\n\\n\\n\\n\\”A flaw in this implementation would allow an attacker with network access to execute arbitrary code on vulnerable systems without requiring credentials, presenting a direct and severe risk to exposed assets.\\”\\n\\nThe cybersecurity company’s analysis of telemetry data has revealed that over 85% of exploit attempts have primarily singled out healthcare, agriculture, media and entertainment, and high technology sectors in the U.S., Canada, Brazil, India, and Australia, among others.\\n\\n\\n\\nIn the attacks observed, the successful exploitation of CVE-2025-32433 is followed by the threat actors using reverse shells to gain unauthorized remote access to target networks. It’s currently not known who is behind the efforts.\\n\\n\\”This widespread exposure on industrial-specific ports indicates a significant global attack surface across OT networks,\\” Unit 42 said. \\”Analysis of affected industries demonstrates variance in the attacks.\\”\\n\\n\\”Attackers are attempting to exploit the vulnerability in short, high-intensity bursts. These are disproportionately targeting OT networks and attempting to access exposed services over both IT and industrial ports.\\”\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-08-11T15:08:00″,”modified”:”2025-08-11T15:08:11″,”type”:”thn”,”title”:”Researchers Spot Surge in Erlang\/OTP SSH RCE Exploits, 70% Target OT Firewalls”,”source”:””,”references”:””,”id”:”THN:958CC847E5C091B48F09DD4B0E81ACDD”,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-32433″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/08\/researchers-spot-surge-in-erlangotp-ssh.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-11T17:12:35″,”description”:”\\n\\nMalicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang\/Open Telecom Platform (OTP) SSH as early as beginning of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,36,12,13,7,11,43,5],"class_list":["post-10377","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n