Critical Erlang/OTP SSH Vulnerability Exploited in Global OT Attacks

By Rex M. Lee, Security Advisor/Tech Journalist

As reported in The Hacker News (“Researchers Spot Surge in Erlang/OTP SSH RCE Exploits” by Ravie Lakshmanan), a now-patched critical vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation has been actively exploited since at least May 2025, with the majority of attacks targeting operational technology (OT) networks worldwide. The flaw, tracked as CVE-2025-32433 and rated with a CVSS score of 10.0, carries the highest severity level possible.

The vulnerability stems from a missing authentication issue in Erlang/OTP’s native SSH implementation — the component responsible for secure communication, encrypted connections, file transfers, and command execution. This flaw allows attackers with network access to a vulnerable server to execute arbitrary code without credentials, posing a direct and severe risk to exposed systems.

The issue was patched in April 2025 with releases OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. However, exploitation attempts began at least a month prior, with about 70% of detections originating from firewalls protecting OT environments.

In June 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-32433 to its Known Exploited Vulnerabilities (KEV) catalog after confirming active attacks. Research from Palo Alto Networks’ Unit 42 shows that over 85% of exploitation attempts have been directed at organizations in healthcare, agriculture, media & entertainment, and high technology sectors across the U.S., Canada, Brazil, India, and Australia.


Attack Pattern

Once attackers successfully exploit the vulnerability, they deploy reverse shells to gain persistent, unauthorized remote access to targeted networks. The exploitation has been marked by short, high-intensity bursts of activity, disproportionately aimed at OT networks. These attacks leverage both IT and industrial ports, significantly expanding the potential attack surface.

Unit 42 notes that the concentration of attacks on industrial-specific ports highlights a global risk to critical infrastructure sectors. While the identity of the threat actors remains unknown, the targeting pattern suggests a deliberate focus on industries where disruption could have widespread operational or economic impact.


Security Implications

The rapid exploitation of CVE-2025-32433 underscores the importance of timely patching for critical vulnerabilities, especially in OT environments where downtime and exposure carry high stakes. Given the cross-industry targeting and the ability to compromise systems without authentication, this flaw presents a serious risk to both national and economic security.

Organizations using Erlang/OTP SSH should verify they are running patched versions and review firewall and access control configurations to block unnecessary exposure to industrial and IT ports. Network monitoring for abnormal activity, particularly reverse shell attempts, is also recommended.
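As an added example (not part of the article or of the Erlang/OTP project), the following Python script triages a list of hosts against the three fixed releases named above. It assumes the full OTP version string has already been collected from each host; the hostnames in the sample inventory are constructed.

```python
# Added example: check Erlang/OTP version strings against the CVE-2025-32433
# fixed releases the article lists. Versions are compared as integer tuples,
# so a three-component "26.2.5" correctly sorts below "26.2.5.11".
import re
from typing import Optional

# Fixed releases from the article, keyed by major release line.
FIXED_VERSIONS = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

def parse_otp_version(text: str) -> tuple:
    """Turn 'OTP-26.2.5.11', 'OTP 26.2.5.11' or '26.2.5.11' into an integer tuple."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no OTP version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def is_patched(version: str) -> Optional[bool]:
    """True if at or above the fixed release for its line, False if below,
    None if the major line is not one of the three the article names
    (for example an older 24.x or a newer line): consult the vendor advisory."""
    parsed = parse_otp_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    return parsed >= fixed

def triage(inventory: str) -> dict:
    """Group 'host<TAB>version' lines into patched / vulnerable / unknown buckets."""
    buckets = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.strip().splitlines():
        host, version = line.split("\t", 1)
        state = is_patched(version)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        buckets[key].append(host)
    return buckets

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = """\
plc-gw-01\tOTP-26.2.5
plc-gw-02\tOTP-26.2.5.11
hist-srv\tOTP-27.3.2
broker-a\tOTP-25.3.2.20
legacy-hmi\tOTP-24.3.4.17
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```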

As OT networks continue to converge with IT infrastructure, vulnerabilities like CVE-2025-32433 highlight the urgent need for integrated cybersecurity strategies that address both operational resilience and threat intelligence.

About the Author 

Rex M. Lee is a Privacy and Cybersecurity Advisor, Tech Journalist and a Senior Tech/Telecom Industry Analyst for BlackOps Partners, Washington, DC. Find more information at CyberTalkTV.com
