Surge in Erlang/OTP SSH RCE Exploits: 70% Target OT Firewalls


New Security Threats: Exploiting Vulnerabilities in Erlang/OTP SSH

Recent Exploits and Their Impact

In May 2025, security researchers began noticing that hackers were actively taking advantage of a serious vulnerability in the Erlang/Open Telecom Platform (OTP) Secure Shell (SSH). Approximately 70% of these detected attacks were traced back to firewalls that secure operational technology (OT) networks. This alarming trend highlights the pressing need for organizations to protect their assets against emerging cyber threats.

Understanding CVE-2025-32433

The critical vulnerability, designated CVE-2025-32433, received the maximum CVSS score of 10.0. The flaw stems from a missing authentication mechanism: anyone with network access to an affected Erlang/OTP SSH server can execute arbitrary code without supplying valid credentials. The vulnerability was patched in April 2025 with the release of OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

Official Recognition of the Exploit

In June 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-32433 to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency of the situation. Inclusion in the catalog signals clear evidence of ongoing exploitation, amplifying concerns among cybersecurity experts.

Significance of Erlang/OTP’s SSH Implementation

Erlang/OTP includes a robust native SSH implementation crucial for secure communication, file transfers, and command execution. According to researchers from Palo Alto Networks’ Unit 42, any vulnerability in this implementation poses a significant risk. Attackers leveraging this flaw can execute code on vulnerable systems without needing credentials, creating an immediate threat to exposed assets.

Targeted Sectors and Geographic Focus

Data analysis conducted by cybersecurity experts shows that over 85% of attempts to exploit this vulnerability targeted a handful of sectors: healthcare, agriculture, media and entertainment, and high technology. The activity is not limited to one region; countries including the U.S., Canada, Brazil, India, and Australia have all been affected.

Methods of Attack

Recent attacks exploiting CVE-2025-32433 have revealed a troubling trend: after successfully breaching systems, attackers use reverse shells to gain unauthorized remote access to targeted networks. The identity of these threat actors remains unknown, but their post-exploitation tactics follow a consistent pattern.

Widespread Vulnerability Exposure

The pervasive nature of this vulnerability indicates a vast global attack surface, particularly across OT networks. Unit 42 emphasized that their analysis reveals notable differences in tactics across various affected industries. The attackers are employing aggressive strategies, attempting to exploit the vulnerability in rapid bursts, with a disproportionate emphasis on OT networks and services exposed on both IT and industrial ports.

Preparing for Future Threats

Organizations relying on Erlang/OTP should remain vigilant and ensure they have implemented the necessary patches to protect their systems. As cyber threats continue to evolve, the importance of maintaining updated security measures cannot be overstated. Understanding vulnerabilities like CVE-2025-32433 and keeping an eye on industry-specific attack patterns will play a vital role in safeguarding operational integrity.
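Confirming the patch level is the first step. The following is an added example (not code from the article, Unit 42, or the Erlang/OTP project) that checks whether an Erlang/OTP version string, such as the contents of an installation's `releases/<n>/OTP_VERSION` file, is at or above the fixed release named above for its release line; the sample version strings are constructed.

```python
"""Check an Erlang/OTP version string against the releases that fixed
CVE-2025-32433 (OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20, as named in
the article). Example code added here; not from the article or the
Erlang/OTP project."""
import re

# Fixed releases from the article, keyed by major release line.
FIXED = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_otp_version(text: str) -> tuple:
    """Turn 'OTP-26.2.5.11', '26.2.5.11' or '26.2' into a tuple of ints."""
    m = re.search(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def compare(a: tuple, b: tuple) -> int:
    """Compare dotted versions, padding the shorter one with zeros
    so that 25.3.2 is treated as 25.3.2.0 (older than 25.3.2.20)."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_patched(text: str):
    """True if the version is at or above the fix for its release line,
    False if below it, None if the line is not covered by FIXED."""
    v = parse_otp_version(text)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    return compare(v, fixed) >= 0


if __name__ == "__main__":
    # Constructed sample values for a few hypothetical hosts.
    for sample in ["OTP-26.2.5.10", "26.2.5.11", "27.3.3", "25.3.2", "24.3.4"]:
        print(sample, "->", is_patched(sample))
```

Release lines the article does not list return None rather than a guess; confirm those against the vendor advisory. A version at or above the fix is necessary but does not by itself tell you whether the host actually runs the SSH application, so pair this with an inventory of exposed SSH listeners.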

Conclusion

The exploitation of CVE-2025-32433 serves as a potent reminder of the vulnerabilities present in seemingly secure systems. As hackers grow more sophisticated, it is crucial for organizations to stay informed, apply necessary patches promptly, and develop comprehensive strategies to mitigate risks associated with emerging threats.
