PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
gbhackersA critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC) this week.
The flaw, discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of Ruhr University Bochum, allows unauthenticated attackers to execute arbitrary code on vulnerable systems, posing a severe threat to servers using Erlang/OTP for SSH connectivity.
Vulnerability Overview
The flaw (CVSSv3 10.0) stems from improper handling of SSH protocol messages, enabling attackers to bypass authentication and send malicious payloads during the connection phase.
Successful exploitation grants full control over the target system, especially if the SSH daemon runs with root privileges.
“This vulnerability is a worst-case scenario for exposed systems,” the researchers warned. “Attackers can manipulate data, deploy ransomware, or hijack infrastructure without requiring credentials.”
All Erlang/OTP versions before OTP-27.3.3, 26.2.5.11, and ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE