Hi all,we (Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, Jörg Schwenk (Ruhr University Bochum)) found a critical security vulnerability in the Erlang/OTP SSH implementation. The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. This vulnerability has been assigned CVE-2025-32433 with an estimated CVSSv3 of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication.
### Am I affected?All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by this vulnerability. If your application uses Erlang/OTP SSH to provide remote access, assume you are affected.
### ImpactThe vulnerability allows an attacker to execute arbitrary code in the context of the SSH daemon. If your SSH daemon is running as root, the attacker has full access to your device. Consequently, this vulnerability may lead to full compromise of hosts, allowing for unauthorized access to and manipulation of sensitive data by third parties, or denial-of-service attacks.
### MitigationUsers are advised to update to the latest available Erlang/OTP release. Fixed versions are OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. As a temporary workaround, access to vulnerable SSH servers can be prevented by suitable firewall rules.
### AdvisoryAn official advisory is available on GitHub: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
Best regards, Fabian Bäumer -- M. Sc. Fabian Bäumer Chair for Network and Data Security Ruhr University Bochum Universitätsstr. 150, Building MC 4/145 44780 Bochum Germany
smime.p7s
Description: Kryptografische S/MIME-Signatur
