PoC Exploit Releases for CVE-2025-32433 – Critical SSH Vulnerability in Erlang/OTP
Do Son 
Experts from Ruhr University Bochum have uncovered a critical vulnerability in the SSH component of the Erlang/OTP platform. As revealed on Wednesday via the OpenWall mailing list, the flaw—designated CVE-2025-32433—enables malicious actors to execute arbitrary code on vulnerable systems.
The issue stems from the way the platform handles SSH protocol messages. An attacker can dispatch connection setup messages even before authentication occurs—exploiting a loophole that allows unauthorized access. Although developers have already released patches in versions 25.3.2.10 and 26.2.4, swiftly updating all affected systems presents a formidable challenge.
The difficulty lies in Erlang/OTP’s widespread use across telecommunications infrastructure, various database systems, and platforms where high availability and fault tolerance are paramount. Updating such systems demands careful orchestration—an all-at-once approach is simply unfeasible.
The urgency of the situation escalated dramatically when multiple experts developed working exploits capable of remote code execution. Among them were Peter Girnus of the Zero Day Initiative and a research team from Horizon3. All expressed astonishment at how effortlessly the vulnerability could be weaponized.
Shortly thereafter, the company ProDefense published a functional exploit on GitHub, making it publicly accessible, while an anonymous variant appeared on Pastebin. Both versions spread rapidly across social media. Girnus confirmed the ProDefense exploit to be fully operational, although he was unable to execute the Pastebin variant.
Experts unanimously warn that, now that these exploits are in the wild, threat actors will soon begin scanning the internet en masse in search of vulnerable targets. As Girnus emphasized in an interview with journalists:
“SSH remains the most widely used protocol for remote administration, making this confluence of factors a serious threat to critical infrastructure.”
According to the researcher, the situation is particularly alarming against the backdrop of increasingly frequent attacks on telecommunications companies by state-sponsored threat actors. He specifically named Chinese groups Volt Typhoon and Salt Typhoon, both notorious for successfully breaching edge networking equipment and infiltrating telecom systems in the U.S. and worldwide.
Accurately estimating the number of devices running the Erlang/OTP SSH daemon is difficult, but the scale of potential risk is undeniably vast. Data from the Shodan search engine indicates that Erlang/OTP is active on over 600,000 IP addresses, most of which belong to servers running CouchDB—a database built entirely on Erlang/OTP.
System administrators are strongly urged to update all devices using the platform’s SSH component without delay. Any procrastination could invite serious consequences.
