"The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication," reads a disclosure on the OpenWall vulnerability mailing list. All devices running the Erlang/OTP SSH daemon are impacted by the vulnerability and are advised to upgrade to versions 25.3.2.10 and 26.2.4 to fix the flaw. The CVE-2025-32433 vulnerability is caused by the improper handling of certain pre-authentication protocol messages within the SSH daemon provided by Erlang/OTP's SSH application. Horizon3's Attack Team, known for their exploit research, warned on X that they had reproduced the flaw and found it "surprisingly easy," demonstrating a PoC that writes a file as root on affected systems. A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. For systems, such as industrial or mission-critical devices that can't be easily updated, it is advised that access to SSH be restricted to trusted IPs, or the SSH daemon should be turned off if not needed. Lawrence Abrams Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 17 Apr 2025 21:35:08 +0000