Several public proof-of-concept (PoC) exploits are now available for CVE-2025-32433, a maximum-severity (CVSS 10.0) vulnerability in the Erlang/OTP SSH server that was disclosed last week.
“All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by this vulnerability. If your application uses Erlang/OTP SSH to provide remote access, assume you are affected,” Ruhr University Bochum researchers, who discovered and reported the flaw, said.
About CVE-2025-32433
Erlang/OTP SSH is a set of libraries that allows developers to embed SSH server or client functionality directly into Erlang applications. Erlang/OTP is commonly found in IoT devices and telecommunications platforms/systems.
CVE-2025-32433 allows unauthenticated attackers with network access to a host running an Erlang/OTP SSH server to execute arbitrary code in the context of the SSH daemon, without ever presenting credentials.
“If your SSH daemon is running as root, the attacker has full access to your device. Consequently, this vulnerability may lead to full compromise of hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks,” Fabian Bäumer, Chair for Network and Data Security at Ruhr University Bochum, explained in a post on the oss-security mailing list last Wednesday.
In a subsequent post, he explained that the root cause is missing authentication for a critical function (CWE-306): the server acts on SSH connection protocol messages (the channel messages defined in RFC 4254) before the client has completed user authentication.
“The fix for this vulnerability is rather simple. The server must simply check whether the client is authenticated when receiving connection protocol messages and disconnect if this is not the case. And this is exactly what the patch by the Erlang/OTP team does,” he noted.
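The following is an added example, not code from the article, from Ruhr University Bochum, or from the Erlang/OTP project. It is a simplified Python model of an SSH server's message dispatcher that shows the bug class Bäumer describes (connection protocol messages processed before authentication) next to the check he says the patch adds. The SSH message numbers are the real ones from RFC 4250/4252/4254; the credential check, the dictionary message layout and the "exec" handling are toy assumptions.

```python
"""Simplified model of an SSH server's message dispatcher, showing the class
of bug described above (connection-protocol messages acted on before
authentication) next to the check that closes it.  Added example; this is
not Erlang/OTP's ssh application code.  Message numbers are the real ones
from RFC 4250/4252/4254; the credential check and message layout are toy
assumptions."""

from dataclasses import dataclass, field

SSH_MSG_DISCONNECT = 1
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
# RFC 4250 reserves message numbers 80..127 for the connection protocol
CONNECTION_PROTOCOL_RANGE = range(80, 128)


class Disconnected(Exception):
    """Raised when the server tears the transport down."""


@dataclass
class Session:
    authenticated: bool = False
    disconnected: bool = False
    channels: set = field(default_factory=set)
    executed: list = field(default_factory=list)  # commands the server "ran"
    sent: list = field(default_factory=list)      # message numbers sent back

    def _userauth(self, msg):
        # Toy credential check (assumption); a real server verifies keys/passwords.
        if msg.get("user") == "alice" and msg.get("password") == "correct horse":
            self.authenticated = True
            self.sent.append(SSH_MSG_USERAUTH_SUCCESS)
        else:
            self.sent.append(SSH_MSG_USERAUTH_FAILURE)

    def _connection(self, msg):
        # Connection-protocol handling: open a session channel, honour "exec".
        if msg["type"] == SSH_MSG_CHANNEL_OPEN:
            self.channels.add(msg["channel"])
        elif msg["type"] == SSH_MSG_CHANNEL_REQUEST and msg.get("request") == "exec":
            if msg["channel"] in self.channels:
                self.executed.append(msg["command"])

    def handle_vulnerable(self, msg):
        """Dispatches on message type only; auth state is never consulted,
        so channel messages from an unauthenticated client are processed."""
        if msg["type"] == SSH_MSG_USERAUTH_REQUEST:
            self._userauth(msg)
        elif msg["type"] in CONNECTION_PROTOCOL_RANGE:
            self._connection(msg)

    def handle_fixed(self, msg):
        """Same dispatcher plus the missing check: any connection-protocol
        message before USERAUTH_SUCCESS ends the connection."""
        if msg["type"] in CONNECTION_PROTOCOL_RANGE and not self.authenticated:
            self.sent.append(SSH_MSG_DISCONNECT)
            raise Disconnected("connection protocol message before authentication")
        self.handle_vulnerable(msg)


def replay(messages, fixed):
    """Feed a client message sequence to a fresh session and return it."""
    session = Session()
    handler = session.handle_fixed if fixed else session.handle_vulnerable
    for msg in messages:
        try:
            handler(msg)
        except Disconnected:
            session.disconnected = True
            break
    return session


# Constructed sequences.  PRE_AUTH_EXEC skips userauth entirely and goes
# straight to a session channel with an "exec" request.
PRE_AUTH_EXEC = [
    {"type": SSH_MSG_CHANNEL_OPEN, "channel": 0},
    {"type": SSH_MSG_CHANNEL_REQUEST, "channel": 0, "request": "exec", "command": "id"},
]
AUTH_THEN_EXEC = [
    {"type": SSH_MSG_USERAUTH_REQUEST, "user": "alice", "password": "correct horse"},
] + PRE_AUTH_EXEC

if __name__ == "__main__":
    v = replay(PRE_AUTH_EXEC, fixed=False)
    print("vulnerable server: executed", v.executed, "authenticated =", v.authenticated)
    f = replay(PRE_AUTH_EXEC, fixed=True)
    print("fixed server: disconnected =", f.disconnected, "executed", f.executed)
    print("fixed server after userauth: executed", replay(AUTH_THEN_EXEC, fixed=True).executed)
```

The point of the model is where the check lives: it is a single state test at the dispatch boundary, applied to every message number in the connection protocol range, rather than something each channel handler is expected to remember to do. Whatever the real daemon does inside its channel handlers (here, "exec" just appends to a list), an unauthenticated client never reaches them.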
The vulnerability affects OTP-27.3.2 and earlier, OTP-26.2.5.10 and earlier, and OTP-25.3.2.19 and earlier.
“Users are advised to update to OTP-27.3.3 (for OTP-27), OTP-26.2.5.11 (for OTP-26), or OTP-25.3.2.20 (for OTP-25) to mitigate this issue,” the CVE-2025-32433 advisory recommends.
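The following check is an added example, not a tool from the advisory or the Erlang/OTP project. It classifies version strings against the affected and fixed releases named above, in the format found in the OTP_VERSION file under releases/<major>/ of an OTP install root ("26.2.5.10") or the "OTP-26.2.5.10" form used in advisories. The host inventory is constructed; the treatment of branches older than OTP-25 (reported as vulnerable, since they fall under "25.3.2.19 and earlier" and have no fixed release) and of branches newer than OTP-27 (reported as unknown) is this example's assumption, not the advisory's wording.

```python
"""Classifies an Erlang/OTP version string against the affected/fixed
versions named in the advisory above.  Added example, not a vendor tool.
Assumes the format found in the OTP_VERSION file of a release
("26.2.5.10") or the "OTP-26.2.5.10" form used in advisories."""

# First fixed release per maintained branch, from the advisory.
FIXED_BY_BRANCH = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_otp_version(text):
    """'OTP-27.3.2' or '27.3.2\\n' -> (27, 3, 2).  Raises ValueError on junk."""
    text = text.strip()
    if text.upper().startswith("OTP-"):
        text = text[4:]
    return tuple(int(part) for part in text.split("."))


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string.

    Branches older than OTP-25 fall under '25.3.2.19 and earlier' and have
    no fixed release, so they are reported as vulnerable (assumption).
    Branches newer than the three listed are 'unknown': confirm against the
    advisory rather than assume.
    """
    version = parse_otp_version(text)
    major = version[0]
    if major < 25:
        return "vulnerable"
    fixed = FIXED_BY_BRANCH.get(major)
    if fixed is None:
        return "unknown"
    # Tuples compare lexicographically, so (27, 3) < (27, 3, 3) as intended.
    return "vulnerable" if version < fixed else "fixed"


def scan(inventory):
    """inventory: {host: version string}.  Returns the hosts that need action
    (vulnerable or unknown) with their classification."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: res for host, res in results.items() if res != "fixed"}


# Constructed inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "pbx-01": "OTP-27.3.2",
    "pbx-02": "27.3.3",
    "gw-iot-07": "26.2.5.10\n",
    "gw-iot-08": "OTP-26.2.5.11",
    "legacy-01": "24.3.4.17",
    "build-01": "25.3.2.20",
}

if __name__ == "__main__":
    for host, result in sorted(scan(SAMPLE_INVENTORY).items()):
        print(f"{host}: {result} ({SAMPLE_INVENTORY[host].strip()})")
```

A "fixed" library version is necessary but not sufficient to be out of scope of the other advice above, and a "vulnerable" one only matters if the SSH server is actually running: the ssh application's daemon has to be started (ssh:daemon) and its port reachable for the flaw to be exposed, and an application that bundles its own OTP copy is patched only when that copy is updated.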
Arctic Wolf has compiled a list of companies and their products using Erlang. “While fixes for Erlang/OTP SSH are now available, the security patch is not automatically applied to software products that use Erlang/OTP SSH. The best method for remediating these vulnerabilities in third-party software products is to apply the official security updates from the vendor of each affected software product,” the company pointed out.
If upgrading to a fixed version isn't immediately possible, users should either stop the SSH server (don't start the ssh daemon at all) or restrict network access to its listening port to trusted management hosts via firewall rules.
PoC exploit with help from AI
The public disclosure of the vulnerability was quickly followed by the publishing of several PoC exploits for it.
Among those is one by Matt Keeley, a security researcher with Platform Security and ProDefense, who used AI to develop it.
He fed the limited information available from a tweet by Horizon3.ai researchers – who had created a PoC exploit but did not publish it – into ChatGPT (GPT-4).
“GPT-4 not only understood the CVE description, but it also figured out what commit introduced the fix, compared that to the older code, found the diff, located the vuln, and even wrote a proof of concept. When it didn’t work? It debugged it and fixed it too,” he said.
“This opens up some serious questions about how quickly AI can assist in vulnerability research — or even automate entire chunks of it. A few years ago, this process would have required specialized Erlang knowledge and hours of manual debugging. Today, it took an afternoon with the right prompts.”