Known Exploited Vulnerability
CVE-2025-32433
CVSS 3.1: 10.0 CRITICAL
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability - [Actively Exploited]
Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access to it via firewall rules.

INFO

Published Date: April 16, 2025, 10:15 p.m.
Last Modified: July 30, 2025, 7:24 p.m.
Remotely Exploitable: Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433

Affected Products

The following products are affected by the CVE-2025-32433 vulnerability. Although cvefeed.io is aware of the exact affected versions of these products, that version information is not represented in the table below.

ID Vendor Product
1 Cisco staros
2 Cisco network_services_orchestrator
3 Cisco rv340_firmware
4 Cisco rv340w_firmware
5 Cisco rv345_firmware
6 Cisco rv345p_firmware
7 Cisco enterprise_nfv_infrastructure_software
8 Cisco rv160_firmware
9 Cisco rv160w_firmware
10 Cisco rv260_firmware
11 Cisco rv260p_firmware
12 Cisco rv260w_firmware
13 Cisco ultra_services_platform
14 Cisco smart_phy
15 Cisco ncs_1001
16 Cisco ncs_1002
17 Cisco ncs_1004
18 Cisco rv340
19 Cisco rv340w
20 Cisco rv345
21 Cisco rv345p
22 Cisco rv160
23 Cisco rv160w
24 Cisco rv260
25 Cisco rv260p
26 Cisco rv260w
27 Cisco ultra_cloud_core
28 Cisco confd_basic
29 Cisco cloud_native_broadband_network_gateway
30 Cisco inode_manager
31 Cisco ultra_packet_core
32 Cisco optical_site_manager
33 Cisco ncs_2000_shelf_virtualization_orchestrator_firmware
34 Cisco ncs_2000_shelf_virtualization_orchestrator_module
1 Erlang erlang/otp
2 Erlang otp
CVSS Scores
The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Source
10.0 CVSS 3.1 CRITICAL AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H [email protected]
Solution
This addresses an unauthenticated remote code execution vulnerability in the Erlang/OTP SSH server.
  • Upgrade Erlang/OTP to version 25.3.2.20, 26.2.5.11, or 27.3.3 (or a later release in the same series).
  • Update the affected vendor packages that bundle Erlang/OTP.
Public PoC/Exploit Available on GitHub

CVE-2025-32433 has 54 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-32433 is associated with the following CWEs:

CWE-306: Missing Authentication for Critical Function

Common Attack Pattern Enumeration and Classification (CAPEC)

Public Exploits

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs-of-concept that have been published on GitHub (sorted by most recently updated).

(No description)

Updated: 1 week, 3 days ago
0 stars, 0 forks, 0 watchers
Created: Aug. 15, 2025, 9:07 a.m. This repo has also been linked to 310 different CVEs.

CVE-2025-32433 PoC: Unauthenticated Remote Code Execution (RCE) in Erlang/OTP SSH. Includes a vulnerable Docker environment and an interactive Python exploit script for ethical hacking & CTF challenges.

Dockerfile Python Erlang

Updated: 1 week, 3 days ago
4 stars, 1 fork, 1 watcher
Created: Aug. 13, 2025, 4:34 a.m. This repo has been linked to 1 CVE.

Chacal Crasher - is a system that tries to hit current remote CVEs in order to crash the remote platform; it would be what used to be called a modern NUKER.

Python

Updated: 1 week, 2 days ago
1 star, 0 forks, 0 watchers
Created: Aug. 12, 2025, 9:14 p.m. This repo has also been linked to 7 different CVEs.

🧠 A Curated Collection of 90+ Free TryHackMe Rooms & CTF Challenges 🔓 Designed for cybersecurity beginners, students, and practitioners — this repo includes hands-on labs, walkthroughs, and updated room lists from TryHackMe and HackTheBox.

Updated: 2 days, 2 hours ago
4 stars, 1 fork, 1 watcher
Created: Aug. 4, 2025, 8:53 p.m. This repo has also been linked to 5 different CVEs.

(No description)

Updated: 1 week, 4 days ago
1 star, 0 forks, 0 watchers
Created: July 23, 2025, 11:54 a.m. This repo has also been linked to 88 different CVEs.

(No description)

Python Shell

Updated: 1 month, 1 week ago
0 stars, 0 forks, 0 watchers
Created: July 16, 2025, 7:45 p.m. This repo has also been linked to 12 different CVEs.

(No description)

Updated: 1 month, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: June 29, 2025, 1:36 a.m. This repo has also been linked to 19 different CVEs.

Try to create walkthroughs of Tryhackme-Labs, self learning purpose

Shell Python

Updated: 2 months ago
0 stars, 0 forks, 0 watchers
Created: June 24, 2025, 11:06 a.m. This repo has also been linked to 12 different CVEs.

(No description)

Updated: 2 months, 1 week ago
0 stars, 0 forks, 0 watchers
Created: June 16, 2025, 10:35 p.m. This repo has been linked to 1 CVE.

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling

Topics: cve cve-2025 cve-2025-32433 cve-exploit cve-scanning cve-2025-32433-erlang-otp-ssh-pre-auth-rce erlang-otp-ssh-pre-auth-rce

Python

Updated: 2 months, 1 week ago
0 stars, 0 forks, 0 watchers
Created: June 15, 2025, 12:42 p.m. This repo has been linked to 1 CVE.

CVE-2025-32433 Erlang SSH Library Exploit 🛑

Python

Updated: 2 months ago
0 stars, 0 forks, 0 watchers
Created: June 9, 2025, 10:04 a.m. This repo has been linked to 1 CVE.

A critical flaw discovered in Erlang/OTP's SSH server allows unauthenticated attackers to gain remote code execution. One malformed SSH handshake bypasses authentication and exploits improper handling of SSH protocol messages.

Python

Updated: 3 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: May 3, 2025, 1:32 p.m. This repo has been linked to 1 CVE.

A practical cybersecurity portfolio showcasing real-world CVE exploits, lab-based attacks, and pentesting techniques as part of my eJPT and red team journey.

Python

Updated: 3 months, 2 weeks ago
0 stars, 0 forks, 0 watchers
Created: May 2, 2025, 2:57 a.m. This repo has also been linked to 2 different CVEs.

CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE

Topics: cve-2025-32433 ericsson erlang rce-exploit ssh

Dockerfile Python

Updated: 3 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: May 2, 2025, 2:06 a.m. This repo has been linked to 1 CVE.

Exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup.

Updated: 3 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: April 29, 2025, 9:15 p.m. This repo has been linked to 1 CVE.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2025-32433 vulnerability anywhere in the article.

  • Daily CyberSecurity
The Win-DDoS Epidemic: New Flaws Weaponize Windows Domain Controllers for Massive DoS Attacks, PoC Releases

SafeBreach Labs researchers have uncovered a new class of denial-of-service (DoS) vulnerabilities in Microsoft Windows that could enable attackers to weaponize critical infrastructure — without ever b ...

Published Date: Aug 12, 2025 (1 week, 6 days ago)
  • Daily CyberSecurity
Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks

Security researchers at Unit 42 have issued an urgent warning regarding CVE-2025-32433, a CVSS 10.0-rated vulnerability in the Secure Shell (SSH) daemon used by certain versions of the Erlang/OTP fram ...

Published Date: Aug 12, 2025 (1 week, 6 days ago)
  • Daily CyberSecurity
Apache bRPC Flaw (CVE-2025-54472) Allows Remote Denial-of-Service Attack

The Apache bRPC project has issued an important security advisory addressing a critical flaw in its Redis protocol parser that could allow attackers to crash affected services remotely. The vulnerabil ...

Published Date: Aug 12, 2025 (1 week, 6 days ago)
  • CybersecurityNews
Erlang/OTP SSH RCE Vulnerability Exploited in the Wild to Attack Across OT Networks

A critical remote code execution vulnerability in Erlang/OTP’s SSH daemon has been actively exploited in the wild, with cybercriminals targeting operational technology networks across multiple industr ... Read more

Published Date: Aug 12, 2025 (1 week, 6 days ago)
  • The Hacker News
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

Aug 11, 2025Ravie LakshmananVulnerability / Network Security Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as e ... Read more

Published Date: Aug 11, 2025 (1 week, 6 days ago)
  • Cyber Security News
CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-32433, enables attac ... Read more

Published Date: Jun 10, 2025 (2 months, 2 weeks ago)
  • security.nl
VS meldt actief misbruik van kritiek lek in Erlang Erlang/OTP SSH Server

Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in Erlang Erlang/OTP SSH Server, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministeri ... Read more

Published Date: Jun 10, 2025 (2 months, 2 weeks ago)
  • Help Net Security
Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of its A ...

Published Date: Apr 27, 2025 (3 months, 4 weeks ago)
  • TheCyberThrone
CVE-2025-34028 impacts Commvault Command Center

CVE-2025-34028 is a critical path traversal vulnerability affecting the Commvault Command Center Innovation Release. This flaw allows unauthenticated remote attackers to upload malicious ZIP files, wh ...

Published Date: Apr 25, 2025 (4 months ago)
  • Cyber Security News
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability

Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (C ...

Published Date: Apr 24, 2025 (4 months ago)
  • TheCyberThrone
CVE-2025-1021 impacts Synology DiskStation Manager

CVE-2025-1021 is a critical vulnerability affecting Synology DiskStation Manager (DSM), specifically its Network File System (NFS) service. This flaw allows unauthenticated remote attackers to read ar ...

Published Date: Apr 24, 2025 (4 months ago)
  • TheCyberThrone
CVE-2025-1731 and CVE-2025-1732 impact Zyxel Firewalls

Zyxel has disclosed two critical vulnerabilities, CVE-2025-1731 and CVE-2025-1732, affecting its USG FLEX H series firewalls. These vulnerabilities could allow authenticated local attackers to escalat ...

Published Date: Apr 23, 2025 (4 months ago)
  • Help Net Security
Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs

MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hyperv ...

Published Date: Apr 23, 2025 (4 months ago)
  • TheCyberThrone
CVE-2025-32433 impacts Erlang/OTP

The CVE-2025-32433 vulnerability, identified in the Erlang/OTP SSH library, is a severe remote code execution (RCE) flaw that allows unauthenticated attackers to execute arbitrary commands during SSH ...

Published Date: Apr 23, 2025 (4 months ago)
  • security.nl
Cisco warns of critical Erlang/OTP SSH vulnerability in its own products

A critical vulnerability in the Erlang/OTP SSH server is also present in Cisco products, warns the networking company, which has released updates to fix the problem. Erlang is a p ...

Published Date: Apr 23, 2025 (4 months ago)
  • Daily CyberSecurity
Critical RCE Vulnerability in Erlang/OTP SSH Server Impacts Multiple Cisco Products

A critical remote code execution (RCE) vulnerability tracked as CVE-2025-32433 has been disclosed. This flaw resides in the Erlang/OTP SSH server and affects a number of Cisco products that rely on the pla ...

Published Date: Apr 23, 2025 (4 months ago)
  • Cyber Security News
ChatGPT Creates Working Exploit for CVEs Before Public PoCs Released

In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities befo ...

Published Date: Apr 23, 2025 (4 months ago)
  • Help Net Security
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server bas ...

Published Date: Apr 22, 2025 (4 months ago)
  • The Register
Today's LLMs craft exploits from patches at lightning speed

The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models. Matthew Keely, of Platform Security and penetration te ...

Published Date: Apr 21, 2025 (4 months ago)
  • The Hacker News
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Cybersecurity / Hacking News: Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hid ...

Published Date: Apr 21, 2025 (4 months ago)

The following table lists the changes that have been made to the CVE-2025-32433 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jul. 30, 2025

    Changed CPE Configuration
      Old value (OR):
        *cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
        *cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* versions up to (excluding) 25.2
        *cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*
        *cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*
        *cpe:2.3:a:cisco:ultra_packet_core:-:*:*:*:*:*:*:*
        *cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03.1
      New value (OR):
        *cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* versions up to (excluding) 25.2
        *cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*
        *cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*
        *cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03
        *cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03.1
        *cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03
    Added Reference Type (CISA-ADP): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy Types: Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 30, 2025

    Added Reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
  • Reanalysis by [email protected]

    Jun. 12, 2025

    Added CPE Configuration (OR):
      *cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* versions up to (excluding) 7.7.19.1
      *cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.18 up to (excluding) 8.1.16.2
      *cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* versions from (including) 8.2 up to (excluding) 8.2.11.1
      *cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* versions from (including) 8.3 up to (excluding) 8.3.8.1
      *cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:* versions from (including) 8.4 up to (excluding) 8.4.4.1
    Added CPE Configuration (OR):
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions up to (excluding) 5.7.19.1
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions from (including) 5.8 up to (excluding) 6.1.16.2
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.2.11.1
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions from (including) 6.3 up to (excluding) 6.3.8.1
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions from (including) 6.4 up to (excluding) 6.4.1.1
      *cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* versions from (including) 6.4.2 up to (excluding) 6.4.4.1
    Added CPE Configuration (OR):
      *cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
      *cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* versions up to (excluding) 25.2
      *cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*
      *cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*
      *cpe:2.3:a:cisco:ultra_packet_core:-:*:*:*:*:*:*:*
      *cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03.1
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:a:cisco:optical_site_manager:*:*:*:*:*:*:*:* versions up to (excluding) 25.2.1
      OR: cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:* ; cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:* ; cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:ncs_2000_shelf_virtualization_orchestrator_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 25.1.1
      OR: cpe:2.3:h:cisco:ncs_2000_shelf_virtualization_orchestrator_module:-:*:*:*:*:*:*:*
    Added CPE Configuration (OR):
      *cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:* versions up to (excluding) 4.18
      *cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:* versions up to (excluding) 2025.03.1
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv160w_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv260_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv160_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv260p_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv260w_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv340_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv340w_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv345_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*
    Added CPE Configuration (AND of two OR groups):
      OR: *cpe:2.3:o:cisco:rv345p_firmware:-:*:*:*:*:*:*:*
      OR: cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*
  • Initial Analysis by [email protected]

    Jun. 11, 2025

    Added CPE Configuration (OR):
      *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions up to (excluding) 25.3.2.20
      *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2.5.11
      *cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:* versions from (including) 27.0 up to (excluding) 27.3.3
    Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2025/04/16/2 Types: Mailing List
    Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2025/04/18/1 Types: Mailing List
    Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2025/04/18/2 Types: Mailing List
    Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2025/04/18/6 Types: Mailing List
    Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2025/04/19/1 Types: Mailing List
    Added Reference Type (GitHub, Inc.): https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 Types: Patch
    Added Reference Type (GitHub, Inc.): https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f Types: Patch
    Added Reference Type (GitHub, Inc.): https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891 Types: Patch
    Added Reference Type (GitHub, Inc.): https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 Types: Vendor Advisory
    Added Reference Type (CISA-ADP): https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py Types: Exploit
    Added Reference Type (CVE): https://security.netapp.com/advisory/ntap-20250425-0001/ Types: Third Party Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jun. 10, 2025

    Added Date Added: 2025-06-09
    Added Due Date: 2025-06-30
    Added Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name: Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 25, 2025

    Added Reference: https://security.netapp.com/advisory/ntap-20250425-0001/
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 21, 2025

    Added Reference: https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 19, 2025

    Added Reference: http://www.openwall.com/lists/oss-security/2025/04/19/1
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 19, 2025

    Added Reference: http://www.openwall.com/lists/oss-security/2025/04/18/6
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 18, 2025

    Added Reference: http://www.openwall.com/lists/oss-security/2025/04/18/2
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 18, 2025

    Added Reference: http://www.openwall.com/lists/oss-security/2025/04/18/1
  • New CVE Received by [email protected]

    Apr. 16, 2025

    Added Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
    Added CVSS V3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added CWE: CWE-306
    Added Reference: https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12
    Added Reference: https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f
    Added Reference: https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891
    Added Reference: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Apr. 16, 2025

    Added Reference: http://www.openwall.com/lists/oss-security/2025/04/16/2

EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 10.0 (CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High