A critical bug rated 10.0 in the Erlang/OTP SSH daemon has been exploited against critical infrastructure environments, primarily on OT firewalls in the healthcare, agriculture, media and entertainment, and high technology sectors.

Exploitation of CVE-2025-32433 started on May 1, Palo Alto Networks' Unit 42 researchers said in an Aug. 11 blog post.

The researchers said OT administrators use Erlang/OTP's native SSH implementation to remotely manage hosts, which makes CVE-2025-32433 a particular concern: that native SSH implementation sits at the heart of Erlang/OTP's secure communication capabilities and is responsible for encrypted connections, file transfers and, most importantly, command execution.

According to the CVE record published by NIST, a malicious actor exploiting a flaw in SSH protocol message handling could gain unauthorized access to affected systems and achieve remote code execution (RCE) without valid credentials.

Erlang/OTP was originally designed by Ericsson to build concurrent, fault-tolerant and distributed systems, explained Mark Townsend, co-founder and CTO at AcceleTrex. He said it includes tools that are useful for building and maintaining large systems such as OT and 5G systems, and it has a proven track record of operating in telecom for decades.

“With complete access to a control point, an attacker could create outages or damage systems,” said Townsend. “For example, attacking an OT factory network, the attacker could issue a close command to a switch that creates a factory explosion.”

April Lenhard, principal product manager at Qualys, said the real danger with CVE-2025-32433 is that it’s not just an IT vulnerability: it’s disproportionately affecting OT networks, and it’s already actively showing up in systems tied to critical infrastructure.

“Most known compromises involve OT assets that control physical processes like robotics, pumps, valves, or even safety systems,” said Lenhard. “Exploitation could alter sensor readings, trigger outages, introduce safety risks, and cause physical damage.”

Lenhard added that by the time breaches are detected, attackers were often already inside the network through other means and simply moving laterally toward OT systems; this means they are exploiting the growing convergence of IT and OT systems to penetrate critical infrastructure across industries.

Thomas Richards, infrastructure security practice director at Black Duck, said an exploit of this bug could have severe consequences for the organization, its network and its operations. Richards said attackers would have full control over the system, which can result in a compromise of sensitive information and let them compromise additional hosts within the network.

“It would also let an attacker disrupt the operations of any connected systems,” said Richards. “This is additionally concerning for any critical infrastructure, as the disruption could negatively impact large portions of the population. Addressing this vulnerability should be a top priority for any security team responsible for an OT network.”
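The practical question for a team responsible for an OT network is which hosts run Erlang's native SSH daemon and whether their OTP release carries the fix. The following triage helper is an added example written for this page; it is not code from the article, Unit 42, NIST or the Erlang/OTP project. It assumes the upstream fixed releases are OTP 27.3.3, 26.2.5.11 and 25.3.2.20, that no fix was backported to OTP 24 or earlier, and that OTP 28.0 and later shipped after the fix. It also assumes the Erlang ssh application identifies itself on the wire as "SSH-2.0-Erlang/<ssh application version>"; because that number is the ssh application's version rather than the OTP release, the banner is used only to flag a host for a local version check, never to decide patch status on its own.

```python
"""Triage helper for CVE-2025-32433, the Erlang/OTP SSH pre-auth RCE.

Added example; not code from the article, Unit 42, NIST or the Erlang/OTP
project. Assumptions (see the lead-in): fixed releases are OTP 27.3.3,
26.2.5.11 and 25.3.2.20; OTP 24 and earlier got no backport; OTP 28+ shipped
after the fix; Erlang's ssh daemon advertises "SSH-2.0-Erlang/<ssh app vsn>",
which is not the OTP version.
"""
import re
import shutil
import socket
import subprocess
from typing import Optional, Tuple

# First OTP release on each affected maintenance line that carries the fix.
FIXED_RELEASES = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

_BANNER_RE = re.compile(r"^SSH-2\.0-Erlang(?:/(\S+))?")


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """'OTP 26.2.5.11\\n' -> (26, 2, 5, 11). Raises ValueError if no version."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(otp_version: str) -> bool:
    """True if this OTP release carries the CVE-2025-32433 fix."""
    ver = parse_otp_version(otp_version)
    major = ver[0]
    if major in FIXED_RELEASES:
        # Tuple comparison handles differing lengths: (27, 3) < (27, 3, 3).
        return ver >= FIXED_RELEASES[major]
    # Assumption: later majors shipped after the fix; earlier ones never got it.
    return major > max(FIXED_RELEASES)


def erlang_ssh_version(banner: str) -> Optional[str]:
    """Return the ssh application version from an Erlang banner, '' if the
    banner is Erlang's but carries no version, or None for any other server."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return m.group(1) or ""


def triage(banner: str, otp_version: Optional[str]) -> str:
    """Combine the network-side banner with a host-side OTP version, if known."""
    if erlang_ssh_version(banner) is None:
        return "not-erlang-ssh"
    if otp_version is None:
        return "erlang-ssh-exposed: verify OTP version on the host"
    if is_fixed(otp_version):
        return "patched"
    return "vulnerable: upgrade OTP or disable the Erlang ssh daemon"


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Read the server identification line, the first line an SSH server sends."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while not data.endswith(b"\n") and len(data) < 256:
            chunk = s.recv(64)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace")


def installed_otp_version() -> Optional[str]:
    """Read OTP_VERSION from the local Erlang installation, or None if no erl."""
    erl = shutil.which("erl")
    if erl is None:
        return None
    eval_code = (
        '{ok, V} = file:read_file(filename:join([code:root_dir(), "releases", '
        'erlang:system_info(otp_release), "OTP_VERSION"])), '
        'io:format("~s", [V]), halt().'
    )
    out = subprocess.run([erl, "-noshell", "-eval", eval_code],
                         capture_output=True, text=True, timeout=30)
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample banners and versions; no network access needed.
    samples = [
        ("SSH-2.0-Erlang/5.2.9\r\n", "27.3.2"),
        ("SSH-2.0-Erlang/5.2.9\r\n", "27.3.3"),
        ("SSH-2.0-Erlang\r\n", None),
        ("SSH-2.0-OpenSSH_9.6\r\n", None),
    ]
    for banner, otp in samples:
        print(f"{banner.strip():<24} otp={otp!s:<8} -> {triage(banner, otp)}")
```

Run `grab_banner()` against the management interfaces of the OT firewalls and other hosts in scope, then `installed_otp_version()` on each host that answers with an Erlang banner; a host that is flagged but cannot be patched promptly should have its Erlang ssh listener disabled or restricted to the management network, since the flaw needs no credentials.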
Erlang/OTP SSH exploit rated 10.0 targets critical infrastructure