A critical Erlang/OTP security flaw is "surprisingly easy" to exploit, experts warn - so patch now

A 10/10 bug in the library can trigger RCE, but a patch is already available.

Apr 18, 2025 - 12:26

  • Security researchers find a 10/10 flaw in Erlang/OTP SSH
  • Horizon3 Attack Team says the flaw is "surprisingly easy" to exploit
  • A patch is available, so users should update now

Erlang/OTP SSH, a set of libraries for the Erlang programming language, carries a maximum-severity vulnerability that allows for remote code execution and is “surprisingly easy” to exploit, researchers are warning.

A team of cybersecurity researchers from the Ruhr University Bochum (Germany) recently discovered a flaw in the handling of pre-authentication protocol messages, which affects all versions of Erlang/OTP SSH. It is tracked as CVE-2025-32433 and carries a severity score of 10/10 (critical).

Erlang/OTP SSH is a module within the Erlang/OTP standard library that provides support for implementing Secure Shell (SSH) clients and servers in Erlang applications.

Remote code execution

Erlang is a functional programming language and runtime system designed for building highly concurrent, distributed, and fault-tolerant systems. It was originally developed by Ericsson, for use in telecoms, but has expanded into messaging systems, databases, and other applications where uptime and scalability are critical.

"The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication," a warning on the OpenWall vulnerability mailing list reads.
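The state check whose absence the advisory describes, sketched in Python as an added example (not Erlang/OTP code and not from the article): connection-protocol messages, numbered 80 to 127 in the SSH RFCs, are refused until the server itself has sent SSH_MSG_USERAUTH_SUCCESS. The SshSession class, the replay helper and the traces are hypothetical and constructed for illustration.

```python
"""Pre-authentication gate for SSH message types (illustrative, not Erlang/OTP code)."""

# Message numbers as assigned in the SSH RFCs (4250, 4252, 4254).
USERAUTH_SUCCESS = 52              # SSH_MSG_USERAUTH_SUCCESS
CONNECTION_RANGE = range(80, 128)  # connection protocol, e.g. 90 = CHANNEL_OPEN

class ProtocolViolation(Exception):
    """Peer sent a message that the current session state does not allow."""

class SshSession:
    """Hypothetical per-connection state kept by a server."""

    def __init__(self):
        self.authenticated = False
        self.closed = False

    def server_sent(self, msg_type):
        # Only a USERAUTH_SUCCESS that the server itself sends unlocks the session.
        if msg_type == USERAUTH_SUCCESS:
            self.authenticated = True

    def client_sent(self, payload):
        if self.closed or not payload:
            raise ProtocolViolation("closed session or empty payload")
        msg_type = payload[0]  # first byte of an SSH payload is the message number
        if msg_type in CONNECTION_RANGE and not self.authenticated:
            self.closed = True  # drop the connection instead of dispatching
            raise ProtocolViolation(f"message {msg_type} before authentication")
        return msg_type

def replay(trace):
    """Run (direction, payload) pairs through a fresh session; return verdicts."""
    session, verdicts = SshSession(), []
    for direction, payload in trace:
        try:
            if direction == "server":
                session.server_sent(payload[0])
                verdicts.append("sent")
            else:
                session.client_sent(payload)
                verdicts.append("accepted")
        except ProtocolViolation:
            verdicts.append("rejected")
    return verdicts

# Constructed traces: only the message-number byte is meaningful.
NORMAL = [("client", b"\x32"), ("server", b"\x34"), ("client", b"\x5a"), ("client", b"\x62")]
PRE_AUTH = [("client", b"\x32"), ("client", b"\x5a"), ("client", b"\x62")]
```

"accepted" here means only that the message passed this gate; a client-sent message 52 passes it but does not mark the session authenticated.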

Soon after the news broke, security researchers from the Horizon3 Attack Team tried to reproduce the flaw and found it to be “surprisingly easy”, which should be cause for concern.

“Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy,” the team said on X. “Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action.”

Taking action means applying the patch, which is now available and mitigates the risk. Since all older versions are vulnerable, all users are advised to upgrade to versions 25.3.2.10 and 26.2.4.

Threat actors are more active in the short window between a patch being released and users applying it. Most organizations are not that diligent when it comes to patching, giving cybercriminals a relatively easy avenue for exploitation.

Via BleepingComputer
