The flaw, tracked as CVE-2025-32433, has been assigned the maximum CVSS score of 10.0, indicating a critical security risk that requires immediate attention from affected organizations.

The researchers identified a fundamental flaw in the SSH protocol message handling of the Erlang/OTP SSH server: it accepts connection protocol messages before the client has completed authentication. Because this happens before any credentials are checked, an unauthenticated, remote attacker can reach functionality that should only be available to a logged-in user. Researchers noted that the flaw is classified as highly dangerous and could enable a threat actor to carry out operations such as installing ransomware or stealing confidential information.

The CVSS 3.1 vector reflects this: a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.

The Erlang/OTP team has released patched versions: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. Organizations are strongly advised to update to these versions immediately. For organizations that cannot deploy the updates right away, temporary mitigations include firewall rules that restrict access to vulnerable SSH servers to trusted hosts, or disabling the Erlang SSH server entirely until a patch can be applied.

Administrators of any systems using Erlang/OTP SSH implementations should review their deployments immediately and apply the necessary patches or mitigations. Erlang/OTP is often deeply embedded in infrastructure components such as messaging brokers and telecom systems, where the SSH server may be running without anyone realizing it, which underscores the importance of regular security updates for such components.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
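Because the fix is tied to a specific patch release in each of three OTP lines, a naive "is my version new enough" check by eyeballing the major version is not sufficient. The following helper, an added example that is not code from the article or from the Erlang/OTP project, parses an OTP version string and compares it against the patched versions the advisory names. The accepted input formats (a bare "26.2.5.10" as found in an installation's OTP_VERSION file, or an "OTP-26.2.5.10" tag) and the handling of lines not listed in the advisory are assumptions made for this example.

```python
"""Classify an Erlang/OTP version against the CVE-2025-32433 fixed releases.

Added example, not from the article or the Erlang/OTP project. The fixed
versions are the three the advisory names; the input formats accepted
(bare "26.2.5.10" or tagged "OTP-26.2.5.10") and the treatment of release
lines the advisory does not list are assumptions for this example.
"""
from __future__ import annotations

import re

# First release in each maintained line that contains the fix (from the advisory).
FIXED_VERSIONS: dict[int, tuple[int, ...]] = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

_VERSION_RE = re.compile(r"\s*(?:OTP[-_])?(\d+(?:\.\d+)*)\s*")


def parse_otp_version(text: str) -> tuple[int, ...]:
    """Turn 'OTP-26.2.5.11' or '26.2.5.11\\n' into a comparable tuple (26, 2, 5, 11)."""
    match = _VERSION_RE.fullmatch(text)
    if not match:
        raise ValueError(f"not an OTP version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(version: str) -> str:
    """Return 'patched', 'unpatched', or 'not-listed' for one OTP version string.

    Tuple comparison does the right thing for patch releases: (26, 2, 5) sorts
    before (26, 2, 5, 11), so a version that predates the fix in its own line
    is reported as unpatched even when it is shorter than the fixed version.
    """
    parts = parse_otp_version(version)
    major = parts[0]
    if major not in FIXED_VERSIONS:
        # Assumption: lines older than OTP 25 receive no fix in the advisory,
        # so they are treated as unpatched. Newer lines are not covered by the
        # advisory's list and need to be checked against their own release notes.
        return "unpatched" if major < 25 else "not-listed"
    return "patched" if parts >= FIXED_VERSIONS[major] else "unpatched"


def assess_many(versions: list[str]) -> dict[str, str]:
    """Assess a batch of version strings, e.g. collected from a fleet inventory."""
    return {v.strip(): assess(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["OTP-27.3.3", "27.3.2", "26.2.5.11", "26.2.5", "25.3.2.19", "24.3.4.17"]
    for version, verdict in assess_many(sample).items():
        print(f"{version:>14}  {verdict}")
```

The full version string of an installation is not what `erlang:system_info(otp_release)` returns (that gives only the major, such as "26"); the patch-level version lives in the OTP_VERSION file under the release directory, `releases/<otp_release>/OTP_VERSION` relative to `code:root_dir()`. Read that file and feed its contents to `assess`. Note that a container image or an embedded appliance may bundle its own Erlang runtime, so the check needs to be run against every runtime actually present, not only the system package.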
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 11:50:04 +0000