CVE-2025-32433

Critical | Actively Exploited

Erlang/OTP SSH Server Unauthenticated Remote Code Execution

ACTIVELY EXPLOITED IN THE WILD
PERIMETER DEVICE RISK
CVSS v3.1 Base Score: 10

Critical severity — Immediate action required

AV: Network | AC: Low | Auth: None

CVE-2025-32433 is a maximum-severity (CVSS 10.0) unauthenticated RCE in Erlang/OTP SSH. An attacker can achieve full system compromise without any credentials. Erlang/OTP SSH is embedded in many OT-relevant systems including CouchDB, RabbitMQ, and various IoT/ICS management platforms. Active exploitation has been confirmed in the wild. Immediate patching is critical.

Status: Actively Exploited
Complexity: Low
Auth Required: No
Initial Access: SSH service exposed to network, no authentication required

Threat Actors / APT Groups
  • UNC3944
  • Scattered Spider
Known Techniques
  • Crafted SSH_MSG_CHANNEL_REQUEST before authentication completes
  • Pre-auth message injection bypassing SSH handshake state machine
  • Payload delivery via SSH protocol message fields
Published: 2025-03-18
Modified: 2025-04-02
Vendor: Erlang/OTP
CWE: CWE-306 (Missing Authentication for Critical Function)
Risk Summary
  • Overall Risk: Critical
  • Exploitation: Actively Exploited
  • Detection: High coverage
  • Detection Rate: 97%
  • Rules Available: 3