What's Happening?
A critical remote code execution vulnerability in Erlang's Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited, according to Palo Alto Networks' Unit 42. The vulnerability, identified as CVE-2025-32433, has a CVSS score of 10.0 and allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication completes. Vulnerable versions include Erlang/OTP releases before OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. Between May 1 and May 9, a surge in exploitation attempts was observed, with 70% of detections originating from firewalls protecting operational technology networks. Sectors such as healthcare, agriculture, media and entertainment, and high technology are particularly at risk because of their reliance on Erlang/OTP's native SSH for remote administration.
Why It's Important?
The exploitation of this vulnerability poses significant risks to organizations, potentially compromising sensitive information and allowing attackers to gain control over systems. This could lead to further compromises within the network. The vulnerability is particularly concerning for operational technology networks, which are integral to critical infrastructure. If exploited, it could alter sensor readings, trigger outages, introduce safety risks, and cause physical damage. The widespread exposure of Erlang/OTP services on the internet, especially over industrial ports, increases the risk of crossover between IT and industrial control systems, affecting countries like the US, Brazil, and France.
What's Next?
Organizations are urged to patch immediately by upgrading to OTP 27.3.3, OTP 26.2.5.11, or OTP 25.3.2.20. Temporary measures include disabling the SSH server or restricting access via firewall rules. Security teams responsible for operational technology networks should prioritize addressing this vulnerability to prevent potential exploitation and mitigate risks to critical infrastructure.
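The patch guidance above reduces to a version comparison per OTP release line, which is easy to get wrong by hand because the lines patch at different depths (27.3.3 vs. 26.2.5.11 vs. 25.3.2.20). The following triage script is an added example, not code from the advisory or from the Erlang/OTP project: it parses OTP version strings, flags hosts that are below the fixed release for their line, and orders the findings so that operational technology hosts with the SSH daemon enabled come first. The inventory, host names and zone labels are constructed sample data; the treatment of lines older than OTP 25 as unpatched is an assumption, since the advisory lists no fix for them.

```python
import re

# Fixed releases named in the advisory, keyed by OTP major line.
FIXED_VERSIONS = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = [
    {"host": "plc-gw-01", "otp_version": "OTP-26.2.5.10", "ssh_enabled": True, "zone": "ot"},
    {"host": "rabbitmq-02", "otp_version": "OTP-27.3.3", "ssh_enabled": True, "zone": "it"},
    {"host": "hist-srv-07", "otp_version": "OTP-25.3.2.19", "ssh_enabled": False, "zone": "ot"},
    {"host": "build-11", "otp_version": "27.3.2", "ssh_enabled": True, "zone": "it"},
]


def parse_otp_version(text: str) -> tuple[int, ...]:
    """Turn 'OTP-26.2.5.10' or '26.2.5.10' into a comparable tuple of ints."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no OTP version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: tuple[int, ...]) -> bool:
    """True when the version is below the fixed release for its major line.

    Tuple comparison handles short strings correctly: (26, 2, 5) sorts
    before (26, 2, 5, 11), so '26.2.5' is reported as vulnerable.
    """
    major = version[0]
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        # Assumption: lines older than 25 have no listed fix and are treated
        # as vulnerable; lines newer than 27 postdate the fix.
        return major < 25
    return version < fixed


def triage(inventory):
    """Return vulnerable hosts, most exposed first (OT zone, SSH daemon on)."""
    findings = []
    for record in inventory:
        version = parse_otp_version(record["otp_version"])
        if not is_vulnerable(version):
            continue
        ssh_enabled = record.get("ssh_enabled", True)
        if ssh_enabled:
            action = ("upgrade to the fixed release; until then disable the SSH "
                      "daemon or restrict access with firewall rules")
        else:
            action = "upgrade to the fixed release; SSH daemon reported disabled"
        findings.append({
            "host": record["host"],
            "version": record["otp_version"],
            "zone": record.get("zone", "it"),
            "ssh_enabled": ssh_enabled,
            "action": action,
        })
    # OT hosts first, then hosts with sshd enabled, then by name for stable output.
    findings.sort(key=lambda f: (f["zone"] != "ot", not f["ssh_enabled"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding['host']:<12} {finding['version']:<14} zone={finding['zone']:<3} "
              f"sshd={'on' if finding['ssh_enabled'] else 'off':<3} -> {finding['action']}")
```

To feed real data in, collect the full patch-level version from each host rather than `erlang:system_info(otp_release)`, which returns only the major line (for example `"26"`); the full string is in the `OTP_VERSION` file under the release directory (`releases/<release>/OTP_VERSION` beneath `code:root_dir()`), and `erl -version` shows the runtime version rather than the OTP release.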
Beyond the Headlines
The vulnerability highlights the growing intersection between IT and operational technology security, emphasizing the need for robust cybersecurity measures in sectors reliant on industrial control systems. The exploitation attempts underscore the importance of proactive vulnerability management and the need for continuous monitoring and patching to safeguard critical infrastructure.