@marksadegi.bsky.social
Reposted
The Erlang SSH library has a critical security vulnerability that allows arbitrary code execution. Upgrade to OTP 27.3.3 (or others noted below) ASAP #ElixirLang
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
Posted by Fabian Bäumer on Apr 16 Hi all,
we (Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, Jörg Schwenk (Ruhr
University Bochum)) found a critical security vulnerability in the
Erlang/OTP SSH implementation. The vulnerability allows an attacker with
network access to an Erlang/OTP SSH server to execute arbitrary code
without prior authentication. This vulnerability has been assigned
CVE-2025-32433 with an estimated CVSSv3 of 10.0...
seclists.org
April 16, 2025 at 8:06 PM
The Erlang SSH library has a critical security vulnerability that allows arbitrary code execution. Upgrade to OTP 27.3.3 (or others noted below) ASAP #ElixirLang