Aug 11, 2025Ravie LakshmananVulnerability / Community Safety
Malicious actors have been noticed exploiting a now-patched important safety flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as starting of Might 2025, with about 70% of detections originating from firewalls defending operational know-how (OT) networks.
The vulnerability in query is CVE-2025-32433 (CVSS rating: 10.0), a lacking authentication subject that may very well be abused by an attacker with community entry to an Erlang/OTP SSH server to execute arbitrary code. It was patched in April 2025 with variations OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
Then in June 2025, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added the flaw to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation.
“On the coronary heart of Erlang/OTP’s safe communication capabilities lies its native SSH implementation — answerable for encrypted connections, file transfers and most significantly, command execution,” Palo Alto Networks Unit 42 researchers Adam Robbie, Yiheng An, Malav Vyas, Cecilia Hu, Matthew Tennis, and Zhanhao Chen mentioned.
“A flaw on this implementation would enable an attacker with community entry to execute arbitrary code on susceptible methods with out requiring credentials, presenting a direct and extreme danger to uncovered property.”
The cybersecurity firm’s evaluation of telemetry knowledge has revealed that over 85% of exploit makes an attempt have primarily singled out healthcare, agriculture, media and leisure, and excessive know-how sectors within the U.S., Canada, Brazil, India, and Australia, amongst others.
Within the assaults noticed, the profitable exploitation of CVE-2025-32433 is adopted by the risk actors utilizing reverse shells to realize unauthorized distant entry to focus on networks. It is at present not identified who’s behind the efforts.
“This widespread publicity on industrial-specific ports signifies a major world assault floor throughout OT networks,” Unit 42 mentioned. “Evaluation of affected industries demonstrates variance within the assaults.”
“Attackers are trying to use the vulnerability in brief, high-intensity bursts. These are disproportionately focusing on OT networks and making an attempt to entry uncovered companies over each IT and industrial ports.”
