OT Networks Targeted in Widespread Exploitation of Erlang/OTP Vulnerability

An Erlang/OTP vulnerability whose existence came to light in mid-April has been exploited in the wild, with many attacks apparently targeting operational technology (OT) networks.

Erlang/OTP is a collection of libraries, middleware and other tools designed for creating real-time systems that require high availability, such as banking, e-commerce, and communications applications. 

Researchers discovered that Erlang/OTP’s SSH implementation is affected by a critical vulnerability that can allow arbitrary code execution in the context of the SSH daemon, which can potentially give an attacker full access to the host, enabling unauthorized access to and manipulation of sensitive data.

Tracked as CVE-2025-32433, the flaw impacts all unpatched SSH servers that leverage the Erlang/OTP SSH library, and systems used for remote access are particularly at risk.

The security hole has been patched with the release of OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. Earlier ...