Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild

Aug. 11, 2025, 3:42 p.m.

Description

A critical vulnerability (CVE-2025-32433) in Erlang/OTP's SSH daemon allows unauthenticated remote code execution, affecting critical infrastructure and operational technology (OT) networks. Rated CVSS 10.0, it lets an attacker execute commands by sending SSH connection protocol messages to open ports. Exploit attempts peaked from May 1-9, 2025, with 70% of detections in OT networks. The vulnerability impacts industries such as healthcare, agriculture, media, and high technology. Observed malicious payloads include reverse shells for unauthorized access. Geographically, impact is high in countries such as Japan, the U.S., and Brazil. Exploit attempts occur in concentrated bursts and disproportionately affect OT environments across diverse sectors.

Date

  • Created: Aug. 11, 2025, 2:56 p.m.
  • Published: Aug. 11, 2025, 2:56 p.m.
  • Modified: Aug. 11, 2025, 3:42 p.m.

Indicators

  • 146.103.40.203
  • dns.outbound.watchtowr.com

Additional Information

  • Agriculture
  • Retail
  • Technology
  • Healthcare
  • Media
  • Education
  • Finance
  • Manufacturing
  • Ireland
  • Netherlands
  • Japan
  • France
  • Ecuador
  • United Kingdom of Great Britain and Northern Ireland
  • Brazil
  • United States of America

Linked vulnerabilities