CVE-2025-32433CRITICAL 10.0CISA KEVEPSS p99.9%
CVE-2025-32433Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang / Erlang/OTP
Description
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Scoring
| CVSS 3.1 | 10.0 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| EPSS | 97.67% probability of exploitation · percentile 99.9% · 2026-06-16T12:03:06Z |
| Published | 2025-04-16 |
| Last modified | 2025-11-04 |
CISA KEV entry
Added to KEV: 2025-06-09
Underlying weaknesses· 1
References
- https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
- https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
- https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
- https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
- http://www.openwall.com/lists/oss-security/2025/04/16/2
- http://www.openwall.com/lists/oss-security/2025/04/18/1
- http://www.openwall.com/lists/oss-security/2025/04/18/2
- http://www.openwall.com/lists/oss-security/2025/04/18/6
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authentication for Critical Functioncwe-306 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerabilitykev-cve-2025-32433 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.