THREAT OPS › CVEs › CVE-2025-32433
CVE-2025-32433 — Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Vulnerability details
- Affected productsErlang/OTP
- KEV remediation due2025-06-30