Date: 2025-04-18

The widely used Erlang/OTP SSH library was discovered to be affected by a maximum-severity flaw, tracked as CVE-2025-32433, which could be leveraged to allow code execution without a login, according to Hackread.

All applications and services that run SSH servers on top of the Erlang/OTP SSH library are potentially impacted by the vulnerability, which stems from the SSH server's handling of messages before authentication and could result in an escalation to privileges similar to those of the SSH daemon, a study from Ruhr University Bochum researchers revealed. Qualys Manager of Security Research Mayuresh Dani regards the flaw as "extremely critical." "If the SSH daemon runs with root privileges, which is common in many deployments, the threat actor will gain complete control," added Dani, who urged immediate implementation of the latest Erlang/OTP versions as well as IP restrictions for SSH ports. Organizations have also been advised to evaluate their systems for potential compromise.