Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Flaw

Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). The vulnerability impacts critical infrastructure components ranging from network orchestration tools to enterprise routing platforms, with proof-of-concept exploit code already circulating in security communities. With Erlang/OTP underpinning critical infrastructure components, this vulnerability poses systemic risks to telecommunications networks, cloud platforms, and enterprise IT environments. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability resides in the Erlang/OTP implementation of the SSH protocol (RFC 4252), specifically in the processing of channel request messages prior to successful authentication. The Erlang/OTP platform’s concurrency model exacerbates the risk, as a single compromised SSH connection could spawn malicious processes across distributed nodes in clustered environments. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Apr 2025 12:55:07 +0000

Cyber News related to Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Flaw

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now - Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Now that public exploits are available, it is strongly advised ...
5 days ago Bleepingcomputer.com CVE-2025-32433

Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Flaw - Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). The vulnerability impacts critical ...
5 hours ago Cybersecuritynews.com CVE-2025-32433

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now - "The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication," reads a disclosure on the OpenWall vulnerability mailing list. All devices running ...
6 days ago Bleepingcomputer.com CVE-2025-32433

Critical Erlang/OTP SSH Vulnerability Allows Unauthenticated Remote Code Execution - The flaw, tracked as CVE-2025-32433, has been assigned the maximum CVSS score of 10.0, indicating an extremely severe security risk that requires immediate attention from affected organizations. Cyber Security News is a Dedicated News Platform For ...
1 week ago Cybersecuritynews.com CVE-2025-32433

New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
1 year ago Cybersecuritynews.com

CVE-2025-32433 - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in ...
3 days ago CVE-2025-32433

CVE-2024-53846 - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of ...
4 months ago Tenable.com

PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability - A critical remote code execution vulnerability in Erlang/OTP’s SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit. The vulnerability, tracked as ...
6 days ago Cybersecuritynews.com CVE-2025-32433

CVE-2025-26618 - Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use ...
2 months ago Tenable.com

CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
4 months ago

CVE-2025-30211 - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits ...
3 weeks ago

What is a one-time password? Definition from SearchSecurity - A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. An OTP is more secure than a static password, especially a user-created password, ...
1 year ago Techtarget.com

CVE-2024-52308 - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to ...
5 months ago Tenable.com

In a first, cryptographic keys protecting SSH connections stolen in new attack - For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the ...
1 year ago Arstechnica.com

5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
1 year ago Feedpress.me

What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
1 year ago Feedpress.me

Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 year ago Feedpress.me

Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
1 year ago Darkreading.com

Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
2 years ago Bleepingcomputer.com

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke

Embrace the Multicloud Era with Cisco Learning and Certifications at Cisco Live Amsterdam - It's time to come together with experts and thousands of your peers to connect, learn, and advance your career with the Learning & Certifications team at Cisco Live Amsterdam, February 5-9, 2024. Let's dive into how you can make the most of your ...
1 year ago Feedpress.me

Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
1 year ago Feedpress.me

ChatGPT Creates Working Exploit for CVE's Before Public PoCs Released - In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are ...
1 day ago Cybersecuritynews.com CVE-2025-32433

Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Flaw

Cyber News related to Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Flaw

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)