A critical vulnerability in Erlang/OTP’s SSH implementation, CVE-2025-32433, has been actively exploited since May, mainly targeting operational technology (OT) networks. The flaw allows remote code execution via the SSH daemon, potentially granting attackers full host access.
Erlang/OTP is widely used in high-availability systems like banking, telecom, and industrial automation. Palo Alto Networks reported a surge in attacks from May 1–9, with 70% aimed at OT environments, especially in the U.S.
The vulnerability affects unpatched SSH servers using Erlang/OTP. It was patched in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. CISA added it to its Known Exploited Vulnerabilities catalog on June 9.
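An added example, not from the article or the Erlang/OTP project: a triage helper that compares inventoried OTP versions against the three fixed releases listed above, using numeric rather than string comparison. The function names, host names and sample inventory are constructed, and branches the article does not list are reported as such rather than guessed.

```python
import re

# Fixed releases per major branch, exactly as listed in the article.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp(version):
    """Turn 'OTP-26.2.5.9' or '26.2.5.9' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def _pad(parts, length):
    # Treat missing trailing components as zero: 27.3 == 27.3.0
    return parts + (0,) * (length - len(parts))

def classify(version):
    """Return 'patched', 'vulnerable', 'unlisted-branch' or 'unparsed'."""
    try:
        v = parse_otp(version)
    except ValueError:
        return "unparsed"  # e.g. release candidates; review by hand
    fixed = FIXED.get(v[0])
    if fixed is None:
        # The article names no fixed release for this major branch.
        return "unlisted-branch"
    n = max(len(v), len(fixed))
    return "patched" if _pad(v, n) >= _pad(fixed, n) else "vulnerable"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "plc-gw-01": "OTP-26.2.5.9",   # 9 < 11 numerically; a string compare gets this wrong
    "mq-broker-02": "27.3.3",
    "hist-03": "25.3.2.3",
    "legacy-04": "24.3.4",
    "lab-05": "27.0-rc1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {SAMPLE[host]:14} {status}")
```

The version only says whether the installed OTP release carries the fix; whether a host actually runs the Erlang/OTP SSH daemon has to be confirmed separately.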
Palo Alto found exposed services on ports like TCP 2222 and noted that 85% of attacks targeted healthcare, agriculture, media, and tech sectors. Malicious payloads included reverse shells and botnet-linked communications. Hundreds of vulnerable services remain exposed across industrial networks.