Ethical Hacking News

Global Security Alert: Erlang/OTP SSH Flaw Exposed to Unauthenticated Attackers, Targeting Operational Technology Networks


A critical security flaw in the Erlang/Open Telecom Platform (OTP) SSH implementation has been exposed, with over 70% of detections originating from firewalls protecting operational technology (OT) networks. Experts warn that this vulnerability poses a significant risk to exposed assets and industrial-specific ports.

  • A critical security flaw in the Erlang/Open Telecom Platform (OTP) SSH implementation has been exploited, posing a significant risk to exposed assets.
  • The vulnerability, CVE-2025-32433, allows an attacker with network access to execute arbitrary code on vulnerable systems without requiring credentials.
  • Over 85% of exploit attempts have targeted healthcare, agriculture, media and entertainment, and high technology sectors in the U.S., Canada, Brazil, India, and Australia.
  • OT networks present a large, actively targeted attack surface, and immediate action is required to mitigate these risks.
  • Patching with latest versions of OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 is essential to prevent unauthorized access.



    A recent surge in exploits targeting a critical security flaw in the Erlang/Open Telecom Platform (OTP) SSH implementation has raised concerns among cybersecurity experts. The vulnerability, identified as CVE-2025-32433 with a CVSS score of 10.0, is a missing authentication issue that could be abused by an attacker with network access to execute arbitrary code on vulnerable systems without requiring credentials.

    According to Palo Alto Networks Unit 42 researchers Adam Robbie, Yiheng An, Malav Vyas, Cecilia Hu, Matthew Tennis, and Zhanhao Chen, the native SSH implementation in Erlang/OTP is responsible for encrypted connections, file transfers, and command execution. The flaw in this implementation allows an attacker with network access to execute arbitrary code on vulnerable systems without requiring credentials, presenting a direct and severe risk to exposed assets.

    The cybersecurity company's analysis of telemetry data has revealed that over 85% of exploit attempts have primarily targeted healthcare, agriculture, media and entertainment, and high technology sectors in the U.S., Canada, Brazil, India, and Australia, among others. In the attacks observed, the successful exploitation of CVE-2025-32433 is followed by the threat actors using reverse shells to gain unauthorized remote access to target networks.

    "It's currently not known who is behind the efforts," said Unit 42. "This widespread exposure on industrial-specific ports indicates a significant global attack surface across OT networks." The researchers also noted that analysis of affected industries demonstrates variance in the attacks, with attackers attempting to exploit the vulnerability in short, high-intensity bursts.

    "These are disproportionately targeting OT networks and attempting to access exposed services over both IT and industrial ports," Unit 42 said.

    The vulnerability was patched in April 2025 with versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. However, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in June 2025 based on evidence of active exploitation.

    Attackers are attempting to exploit the vulnerability in short, high-intensity bursts, disproportionately targeting OT networks and attempting to reach exposed services over both IT and industrial ports.

    This recent surge in exploits highlights the importance of timely patching and hardening of vulnerable systems. The impact of this vulnerability is far-reaching, posing a significant risk to exposed assets reachable over industrial-specific ports.

    OT networks present a large, actively targeted attack surface, and organizations should take immediate action to mitigate these risks. This includes updating every affected system to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20 on its respective release line, as well as implementing robust security measures to prevent unauthorized access.
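    The patch baseline above is easy to state but awkward to check at fleet scale, because each OTP release line has its own fixed version and version strings are reported inconsistently. The following Python script is an added example written for this page; it is not code from the article or from Unit 42. It parses "OTP-x.y.z" or bare "x.y.z" strings, compares each against the fixed release for its line, and buckets a constructed inventory into patched, vulnerable, and unknown hosts. The hostnames and versions in the sample inventory are made up, and two assumptions are not stated in the article: release lines older than 25 (which have no fix listed) are treated as unpatched, and lines newer than 27 are treated as patched.

```python
"""Triage Erlang/OTP version strings against the CVE-2025-32433 patch baseline.

Fixed releases named in the article: OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20.
Added example for this page; not Unit 42's or the Erlang/OTP project's code.
"""
import re
from typing import Dict, List, Optional, Sequence, Tuple

# Minimum patched version per release line (from the article).
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Accepts "OTP-26.2.5.11" or bare "26.2.5.11".
_VERSION_RE = re.compile(r"^(?:OTP-)?(\d+(?:\.\d+)*)$")


def parse_otp_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse an OTP version string into a comparable tuple of ints, or None if malformed."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(text: str) -> Optional[bool]:
    """Return True if the version is at or past the fix on its release line,
    False if it is older, None if the string cannot be parsed.

    Assumptions not stated in the article: release lines older than 25 have
    no fix listed and are treated as unpatched; lines newer than 27 are
    treated as patched.
    """
    version = parse_otp_version(text)
    if version is None:
        return None
    major = version[0]
    if major in FIXED_VERSIONS:
        # Tuple comparison treats a missing trailing component as smaller,
        # so (26, 2, 5) < (26, 2, 5, 11) correctly reads as unpatched.
        return version >= FIXED_VERSIONS[major]
    return major > max(FIXED_VERSIONS)


def triage_inventory(inventory: Sequence[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (host, version) pairs into patched / vulnerable / unknown host lists."""
    buckets: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in inventory:
        status = is_patched(version)
        if status is None:
            buckets["unknown"].append(host)
        elif status:
            buckets["patched"].append(host)
        else:
            buckets["vulnerable"].append(host)
    return {name: sorted(hosts) for name, hosts in buckets.items()}


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("plc-gateway-01", "OTP-25.3.2.19"),   # one patch level short of the fix
    ("hist-server-02", "OTP-26.2.5.11"),   # exactly the fixed release
    ("scada-relay-03", "27.3.2"),          # bare version string, still vulnerable
    ("mes-node-04", "OTP-27.3.3.1"),       # later patch on a fixed line
    ("edge-05", "OTP-24.3.4"),             # unsupported line, no fix listed
    ("bad-entry", "n/a"),                  # unparseable record
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

    On a standard installation the full version string lives in the OTP_VERSION file under the release directory (releases/<major>/OTP_VERSION beneath the Erlang root); erlang:system_info(otp_release) returns only the major number, which is not enough to decide. Treat the version as a proxy for exposure: the affected component is the ssh application, so a host on a vulnerable release that does not run the Erlang SSH daemon still needs patching but is not directly reachable through this flaw, while an unknown entry should be investigated rather than assumed safe.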

    In conclusion, the recent surge in exploits targeting a critical security flaw in the Erlang/OTP SSH implementation is a clear indication of the ever-evolving threat landscape. As cybersecurity experts, it's essential that we stay vigilant and take proactive measures to protect our systems and networks from these types of threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Global-Security-Alert-ErlangOTP-SSH-Flaw-Exposed-to-Unauthenticated-Attackers-Targeting-Operational-Technology-Networks-ehn.shtml

  • https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html

  • https://threatprotect.qualys.com/2025/04/21/erlang-otp-ssh-server-remote-code-execution-vulnerability-cve-2025-32433/


  • Published: Mon Aug 11 11:58:41 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.