{"id":2267,"date":"2025-08-13T21:54:15","date_gmt":"2025-08-13T21:54:15","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/08\/13\/erlang-otp-ssh-vulnerability-sees-spike-in-exploitation-attempts\/"},"modified":"2025-08-13T21:54:15","modified_gmt":"2025-08-13T21:54:15","slug":"erlang-otp-ssh-vulnerability-sees-spike-in-exploitation-attempts","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/08\/13\/erlang-otp-ssh-vulnerability-sees-spike-in-exploitation-attempts\/","title":{"rendered":"Erlang\/OTP SSH Vulnerability Sees Spike in Exploitation Attempts"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A severe remote code execution (RCE) vulnerability in Erlang\u2019s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited.<\/p>\n<p>According to a new analysis by Palo Alto\u2019s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication.\u00a0<\/p>\n<p>Vulnerable versions include Erlang\/OTP releases before OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20.<\/p>\n<h2>Surge in Targeted Attacks<\/h2>\n<p>Between May 1 and May 9, the researchers observed a surge in exploitation attempts, with 70% of detections originating from firewalls protecting operational technology (OT) networks.<\/p>\n<p>Many targeted sectors rely on Erlang\/OTP\u2019s native SSH for remote administration, including healthcare, agriculture, media and entertainment and high technology.<\/p>\n<p>\u201cThis vulnerability, if exploited, could have severe consequences on the organization, their network and operations,\u201d\u00a0said Thomas Richards, infrastructure security practice director at Black Duck.<\/p>\n<p>\u201cThe attacker would have full control over the system, which can result in a compromise of sensitive information and allow them to compromise additional hosts within the network.\u201d<\/p>\n<p>Erlang\/OTP services were found to be widely exposed on the internet, sometimes over industrial ports like TCP 2222, creating a crossover risk between IT and industrial control systems. The US, Brazil and France host the highest number of exposed services.<\/p>\n<p><em>Read more on operational technology security: Over Half of Organizations Report Serious OT Security Incidents\u00a0<\/em><\/p>\n<h2>Exploitation Details and Mitigation<\/h2>\n<p>Attackers have been observed deploying\u00a0payloads that establish reverse shells for unauthorized access.<\/p>\n<p>One method binds a shell to a TCP connection, while\u00a0another redirects Bash input and output to a remote host linked to botnet command servers. Some payloads utilize DNS callbacks to track execution without returning results \u2013\u00a0a tactic commonly employed in stealthy campaigns.<\/p>\n<p>\u201cThe real danger with CVE-2025-32433 is that it\u2019s not just an IT vulnerability: it is disproportionately affecting [OT] networks, and it\u2019s already actively showing up in systems tied to critical infrastructure.\u201d\u00a0said April Lenhard, principal product manager at Qualys.<\/p>\n<p>According to Lenhard,\u00a0exploitation could \u201calter sensor readings, trigger outages, introduce safety risks and cause physical damage.\u201d<\/p>\n<p>While education accounted for 72.7% of all detections, many OT-heavy sectors like utilities, mining and aerospace saw no recorded OT triggers, possibly due to segmentation, delayed targeting or gaps in detection.<\/p>\n<p>Researchers urge organizations to patch immediately, upgrading\u00a0to OTP 27.3.3, OTP 26.2.5.11 or OTP 25.3.2.20. Temporary measures include disabling the SSH server or restricting access via firewall rules.<\/p>\n<p>\u201cAddressing this vulnerability should be a top priority for any security team responsible for an OT network,\u201d\u00a0Richards concluded.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A severe remote code execution (RCE) vulnerability in Erlang\u2019s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited. According to a new analysis by Palo Alto\u2019s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication.\u00a0 Vulnerable versions include Erlang\/OTP<\/p>\n","protected":false},"author":2,"featured_media":2268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2267","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2267-d91de0dd-cdca-40b9-89bc-35cf4a7a34e8-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2267"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2267\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2268"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}