{"id":2856,"date":"2025-04-22T01:31:35","date_gmt":"2025-04-22T01:31:35","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2856"},"modified":"2025-04-22T01:31:35","modified_gmt":"2025-04-22T01:31:35","slug":"public-exploits-already-available-for-a-severity-10-erlang-ssh-vulnerability-patch-now","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2856","title":{"rendered":"Public exploits already available for a severity 10 Erlang SSH vulnerability; patch now"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Experts are urging enterprises to immediately patch an Erlang\/OTP Secure Shell (SSH) vulnerability that allows unauthenticated attackers to gain full access to a device. The remote code execution (RCE) vulnerability (CVE-2025-32433) has a CVSS score of 10, the highest possible severity level.<\/p>\n<p>Many impacted devices are widely used in Internet of Things (IoT) and telecom platforms, so the vulnerability could have wide-reaching impacts. The issue was discovered on April 16, and researchers have already been able to quickly and easily create exploits of the vulnerability.<\/p>\n<p>\u201cAnytime you see the phrase \u2018remote code execution,\u2019 it usually means a bad day, but remote code execution on a key service that\u2019s used on telecommunications carrier equipment like network switches is seriously bad news,\u201d said David Shipley, CEO of Beauceron Security. \u201cYou don\u2019t see these 10s very often: unauthenticated full code execution on critical infrastructure.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Attackers can take full control of devices<\/h2>\n<p>The Erlang\/OTP platform is widely used in telecommunications, IoT, and other distributed apps. 
It is essentially the \u201cbackbone of the internet,\u201d Andres Ramos of Arctic Wolf wrote in a blog post. According to Cisco, <a href=\"https:\/\/erlang-companies.org\/companies\/cisco.html\">90% of internet traffic<\/a> goes through Erlang-controlled nodes.<\/p>\n<p>The one-time password (OTP) Secure Shell (SSH) is meant to establish secure connections on the control plane that manages industrial control systems (ICS) and operational technology (OT) devices including routers, switches, and smart sensors.<\/p>\n<p>If the SSH daemon is running with elevated privileges, such as root, superuser, or admin privileges, and threat actors take over the affected device, this could lead to a complete system compromise, Ramos wrote. That could lead to manipulation of resources by third parties, unauthorized access to sensitive data, or denial-of-service (DoS) attacks that shut down access to a network.<\/p>\n<p>\u201cWith the right kind of code, any internet-facing server that has this on it could potentially be exploited; threat actors could take full control of that device,\u201d Shipley explained. Once they land in a network, attackers can then go anywhere the equipment is allowed to access, based on network configuration and firewalls, and can look for other unpatched devices to do even more damage, he said.<\/p>\n<p>Arctic Wolf identified <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/cve-2025-32433\/\">a number of impacted applications<\/a>, including those from Ericsson, Cisco, National Instruments, Broadcom, EMQ Technologies, Apache Software Foundation, Riak Technologies, and Very Technology.<\/p>\n<p>Affected versions of Erlang\/OTP SSH include Erlang\/OTP-27.3.2 and earlier, Erlang\/OTP-26.2.5.10 and earlier, and Erlang\/OTP-25.3.2.19 and earlier. Customers should update them immediately. 
For those enterprises unable to immediately upgrade, Arctic Wolf recommends disabling the SSH server or restricting access via firewall rules.<\/p>\n<h2 class=\"wp-block-heading\">\u2018Surprisingly easy\u2019 to recreate<\/h2>\n<p>Researchers at the Ruhr University Bochum in Germany initially disclosed the vulnerability, explaining that it was due to a flaw in the SSH protocol message handling which allows attackers to send protocol messages before authentication.<\/p>\n<p>\u201cIf your application uses Erlang\/OTP SSH to provide remote access, assume you are affected,\u201d <a href=\"https:\/\/seclists.org\/oss-sec\/2025\/q2\/52\">the researchers warned<\/a>.<\/p>\n<p>Threat actors can be incredibly active in the brief window between the time a vulnerability is discovered and when a patch is released and applied. This makes it all the more important for security teams to act quickly, experts advised.<\/p>\n<p>Case in point: Not long after the news of the Erlang\/OTP SSH issue broke, security researchers from the Horizon3 Attack Team reproduced the flaw and put together a quick proof of concept (PoC) exploit, finding it \u201csurprisingly easy.\u201d<\/p>\n<p>\u201cWouldn\u2019t be shocked if public PoCs start dropping soon,\u201d they <a href=\"https:\/\/x.com\/Horizon3Attack\/status\/1912945580902334793\">wrote on X<\/a>. \u201cIf you\u2019re tracking this, now\u2019s the time to take action.\u201d<\/p>\n<p>PoC exploits have indeed since been published on GitHub and elsewhere.<\/p>\n<p>Particularly in telecom, there\u2019s a \u201chuge issue\u201d with nation-state hacking, Shipley pointed out. 
We\u2019ve seen recently how attackers can take over a whole telecom network; the Chinese group Salt Typhoon, for one, <a href=\"https:\/\/www.csoonline.com\/article\/3632044\/more-telecom-firms-were-breached-by-chinese-hackers-than-previously-reported.html\">successfully infiltrated and gained access to multiple US telecom networks<\/a>.<\/p>\n<p>Enterprises shouldn\u2019t look at this through a short-term mitigation lens, Shipley emphasized. \u201cThis isn\u2019t just \u2018There\u2019s an update, patch your PC, reboot it.\u2019 This takes careful risk and management analysis.\u201d<\/p>\n<p>He also pointed out that the discovery underscores the importance of the Common Vulnerabilities and Exposures (CVE) program, which was in danger of losing its funding from the US government last week (it was <a href=\"https:\/\/www.csoonline.com\/article\/3963190\/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html\">extended at the last minute<\/a>).<\/p>\n<p>\u201cAdd to that that it\u2019s happening over a holiday long weekend, and I\u2019m sure there are lots of IT and OT teams having a not so fun start to the week,\u201d said Shipley.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Experts are urging enterprises to immediately patch an Erlang\/OTP Secure Shell (SSH) vulnerability that allows unauthenticated attackers to gain full access to a device. The remote code execution (RCE) vulnerability (CVE-2025-32433) has a CVSS score of 10, the highest possible severity level. 
Many impacted devices are widely used in Internet of Things (IoT) and telecom [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2857,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2856"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2856"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2857"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}