CVE-2025-32433: Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including, but not limited to, Cisco, NetApp, and SUSE.
- CISA KEV-listed (remediation due 2025-06-30)
- EPSS 59.3% (98.3% percentile)