{"uuid": "c2cfcc1f-842a-4245-bd5e-c4439e9b2add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32433", "type": "exploited", "source": "https://t.me/cKure/15206", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks.\n\nThe vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code. It was patched in April 2025 with versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.\n\nhttps://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html", "creation_timestamp": "2025-08-12T09:45:27.000000Z"}