CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild. 

The vulnerability, tracked as CVE-2025-32433, enables attackers to achieve unauthenticated remote code execution on affected systems, prompting its immediate addition to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June 9, 2025. 

This security flaw affects multiple enterprise products from major vendors, including Cisco, NetApp, and SUSE, creating widespread exposure across critical infrastructure systems.

Erlang/OTP SSH Server RCE Vulnerability

The vulnerability stems from missing authentication for a critical function in the Erlang/OTP SSH server implementation, classified as CWE-306 (Missing Authentication for Critical Function).

This fundamental security flaw allows malicious actors to execute arbitrary commands on target systems without providing valid credentials, effectively bypassing the authentication mechanisms that should protect these critical services.

The exploitation mechanism centers on improper handling of SSH protocol messages within the Erlang/OTP framework.

When an attacker crafts specific SSH protocol messages, the server fails to properly validate authentication credentials before processing critical functions.

This design flaw creates a direct pathway for unauthenticated remote code execution (RCE), enabling attackers to gain complete control over vulnerable systems without legitimate access credentials.

The technical severity of this vulnerability cannot be overstated, as it affects the foundational security model of SSH communications. 

Erlang/OTP is widely deployed across telecommunications, financial services, and cloud infrastructure environments, making this vulnerability particularly concerning for organizations operating mission-critical systems. 

The exploitation of this flaw could lead to complete system compromise, data exfiltration, and potential lateral movement within enterprise networks.

Risk Factors | Details
Affected Products | Cisco products using Erlang/OTP SSH server; NetApp systems with Erlang-based services; SUSE Linux distributions with vulnerable Erlang packages
Impact | Remote code execution (RCE)
Exploit Prerequisites | Network access to SSH port (TCP/22); no valid credentials required; unpatched Erlang/OTP implementation (versions 25.0 – 26.1)
CVSS 3.1 Score | 9.8 (Critical)

The vulnerability impacts various products that implement the Erlang/OTP SSH server functionality, with confirmed affected vendors including Cisco, NetApp, and SUSE. 

The widespread adoption of Erlang/OTP in enterprise environments means that numerous additional products and services may also be vulnerable, particularly those in telecommunications and distributed computing sectors where Erlang’s concurrent processing capabilities are highly valued.

Mitigation Strategies

CISA has established a mandatory remediation deadline of June 30, 2025, for federal agencies to address this vulnerability, reflecting the critical nature of the security flaw and evidence of active exploitation. 

Organizations are directed to apply vendor-provided mitigations immediately, follow the applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services, or discontinue use of affected products if adequate mitigations are not available.

The primary mitigation strategy involves applying security patches provided by affected vendors as they become available. 

Organizations should immediately inventory their systems to identify potential exposure to this vulnerability, with a particular focus on SSH-enabled services that run Erlang/OTP implementations. 
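One way to start that inventory, as an added example that is not part of the original article: the Erlang/OTP SSH daemon by default announces itself with an identification line of the form `SSH-2.0-Erlang/<version>`, so banners collected from your own hosts can be parsed to find candidates. The function names and the sample banners below are constructed for illustration; hosts whose identification string has been changed will not be found this way.

```python
import re
import socket

# RFC 4253 section 4.2 identification line: SSH-protoversion-softwareversion SP comments
ID_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_ident(raw: bytes):
    """Return (proto, software, comments), or None if no identification line is present.
    A server may send free-text lines first, so every line is checked."""
    for line in raw.split(b"\n"):
        m = ID_RE.match(line.rstrip(b"\r").decode("ascii", errors="replace"))
        if m:
            return m["proto"], m["software"], m["comments"] or ""
    return None

def erlang_ssh_version(raw: bytes):
    """Version string from an 'Erlang/<version>' banner, else None.
    This is the version of the ssh application, not the OTP release number."""
    ident = parse_ident(raw)
    if ident and ident[1].lower().startswith("erlang/"):
        return ident[1].split("/", 1)[1]
    return None

def read_banner(host: str, port: int = 22, timeout: float = 3.0) -> bytes:
    """Collect the opening bytes (a few KiB at most) from a host you administer."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        while len(data) < 4096 and not (b"SSH-" in data and data.endswith(b"\n")):
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    return data

def erlang_hosts(banners: dict) -> dict:
    """Map host -> ssh application version for every host with an Erlang banner."""
    versions = {host: erlang_ssh_version(raw) for host, raw in banners.items()}
    return {host: v for host, v in versions.items() if v is not None}

# Constructed sample banners (documentation addresses, made-up versions).
SAMPLE = {
    "192.0.2.11": b"SSH-2.0-Erlang/5.1.4\r\n",
    "192.0.2.12": b"SSH-2.0-OpenSSH_9.6\r\n",
    "192.0.2.13": b"Authorized use only\r\nSSH-2.0-Erlang/4.15.3 build-host\r\n",
    "192.0.2.14": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for host, version in erlang_hosts(SAMPLE).items():
        print(f"{host}: Erlang ssh {version} - check against the vendor advisory")
```

The version in the banner has to be compared with the fixed versions listed in the vendor's advisory; it cannot be read directly as an OTP release number.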

Network segmentation and access controls should be enhanced around affected systems until patches can be applied.

Given the active exploitation of this vulnerability, security teams should implement enhanced monitoring for suspicious SSH connection attempts and unauthorized command execution on systems running Erlang/OTP services. 

Organizations should also consider temporarily restricting SSH access to essential personnel only and implementing additional authentication layers where technically feasible until comprehensive patches are deployed across their infrastructure.

The post CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.