VAR-202504-1178
Vulnerability from variot - Updated: 2025-11-18 15:12

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules. Erlang/OTP and other products from multiple vendors contain a vulnerability related to the lack of authentication for critical functions. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202504-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "confd basic",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.18"
},
{
"model": "confd basic",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.1.16.2"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.8.1"
},
{
"model": "smart phy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "25.2"
},
{
"model": "rv260w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "confd basic",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "cloud native broadband network gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2025.03.1"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.8"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.11.1"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.4.1"
},
{
"model": "rv260p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "staros",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2025.03"
},
{
"model": "confd basic",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.11.1"
},
{
"model": "inode manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv160w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv260",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv340w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "confd basic",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4.4.1"
},
{
"model": "ncs 2000 shelf virtualization orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "25.1.1"
},
{
"model": "erlang\\/otp",
"scope": "gte",
"trust": 1.0,
"vendor": "erlang",
"version": "27.0"
},
{
"model": "erlang\\/otp",
"scope": "lt",
"trust": 1.0,
"vendor": "erlang",
"version": "27.3.3"
},
{
"model": "ultra cloud core",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2025.03.1"
},
{
"model": "rv160",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "confd basic",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2"
},
{
"model": "rv345p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "optical site manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "25.2.1"
},
{
"model": "ultra services platform",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.7.19.1"
},
{
"model": "confd basic",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3.8.1"
},
{
"model": "erlang\\/otp",
"scope": "lt",
"trust": 1.0,
"vendor": "erlang",
"version": "25.3.2.20"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.16.2"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.2"
},
{
"model": "confd basic",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4"
},
{
"model": "rv340",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "erlang\\/otp",
"scope": "lt",
"trust": 1.0,
"vendor": "erlang",
"version": "26.2.5.11"
},
{
"model": "confd basic",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.19.1"
},
{
"model": "enterprise nfv infrastructure software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.18"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.1.1"
},
{
"model": "erlang\\/otp",
"scope": "gte",
"trust": 1.0,
"vendor": "erlang",
"version": "26.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "ultra packet core",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2025.03"
},
{
"model": "rv345",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "cisco ultra cloud core",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv160 vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco enterprise nfv infrastructure software",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco intelligent node manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "confd basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ultra packet core",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco cloud native broadband network gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco optical site manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ultra services platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "erlang/otp",
"scope": null,
"trust": 0.8,
"vendor": "erlang",
"version": null
},
{
"model": "cisco network services orchestrator",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ncs 2000 shelf virtualization orchestrator",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco staros",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv260 vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco smart phy",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv160w wireless-ac vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"cve": "CVE-2025-32433",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-32433",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-006839",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "security-advisories@github.com",
"id": "CVE-2025-32433",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2025-006839",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to block access to it with firewall rules. Erlang/OTP and other products from multiple vendors contain a vulnerability related to the lack of authentication for critical functions. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-32433"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-32433",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/04/16/2",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/04/18/1",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/04/19/1",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/04/18/6",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/04/18/2",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-140-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96418823",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006839",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"id": "VAR-202504-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18174963
},
"last_update_date": "2025-11-18T15:12:07.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
},
{
"trust": 1.8,
"url": "https://github.com/prodefense/cve-2025-32433/blob/main/cve-2025-32433.py"
},
{
"trust": 1.0,
"url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
},
{
"trust": 1.0,
"url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2025-32433"
},
{
"trust": 1.0,
"url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-erlang-otp-ssh-xyzzy"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"trust": 1.0,
"url": "https://github.com/erlang/otp/security/advisories/ghsa-37cp-fgq5-7wc2"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96418823/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-32433"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-07"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"date": "2025-04-16T22:15:14.373000",
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T05:39:00",
"db": "JVNDB",
"id": "JVNDB-2025-006839"
},
{
"date": "2025-11-04T14:49:05.177000",
"db": "NVD",
"id": "CVE-2025-32433"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ERLANG\u00a0 of \u00a0Erlang/OTP\u00a0 Vulnerabilities related to lack of authentication for important functions in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006839"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.