1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability

Known Exploited Vulnerabilities CVE-2025-32433

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-32433 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability exploitation_technique T1021.004 SSH
Comments
Attackers have exploited this Erlang OTP vulnerability by using reverse shells to obtain unauthenticated access, allowing them to execute remote code on the system.
References
  1. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
CVE-2025-32433 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Attackers have exploited this Erlang OTP vulnerability by using reverse shells to obtain unauthenticated access, allowing them to execute remote code on the system.
References
  1. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/