top of page
  • LinkedIn
  • Facebook
  • Instagram
Search

Erlang/OTP SSH RCE: The Unpatched Flaw Threatening Critical Infrastructure🛡️


ree

Researchers have observed a surge in exploit attempts targeting a critical vulnerability in Erlang/Open Telecom Platform (OTP) SSH, identified as CVE-2025-32433, with around 70% of these activities aimed at operational technology (OT) firewalls. This flaw allows remote code execution (RCE) without authentication and poses a significant risk to industrial and critical infrastructure environments. These developments highlight the increasing threat landscape surrounding OT networks and the urgent need for comprehensive cybersecurity defenses.


Attack Details

The vulnerability CVE-2025-32433, a missing authentication issue with a CVSS score of 10.0, was patched in April 2025. Despite this, attackers began exploiting it as early as May 2025, using reverse shells to gain unauthorized remote access to compromised Erlang/OTP SSH servers. Approximately 70% of detections stem from firewalls protecting OT networks. The exploitation attempts occur in short, high-intensity bursts targeting both IT and industrial ports. The affected industries span healthcare, agriculture, media and entertainment, and high technology sectors in the U.S., Canada, Brazil, India, and Australia. The threat actors behind these campaigns remain unidentified.

This diagram shows how CVE-2025-32433 in Erlang/OTP’s SSH service is being actively exploited. Exposed ports and OT firewalls are prime targets.
This diagram shows how CVE-2025-32433 in Erlang/OTP’s SSH service is being actively exploited. Exposed ports and OT firewalls are prime targets.

Impact

The exploitation of the critical Erlang/OTP SSH vulnerability presents far-reaching consequences that can affect not only the targeted systems but also the broader operational and business environments. The ability for attackers to remotely execute arbitrary code without authentication significantly elevates the risk profile for affected organizations. This vulnerability’s exploitation can disrupt industrial processes, compromise sensitive data, and open doors for further malicious activity. As such, organizations should be aware of the potential operational, security, and reputational ramifications, which include but are not limited to:

  • Operational disruption: Unauthorized access to OT firewalls may cause downtime or malfunction in critical industrial control systems.

  • Unauthorized remote access: Attackers gain persistent remote control via reverse shells, facilitating lateral movement within networks.

  • Data compromise: Sensitive operational and system data could be exfiltrated or manipulated.

  • Threat escalation: Initial access could enable further attacks such as ransomware or supply chain compromises.

  • Reputational damage: Public exposure of breaches may erode trust and attract regulatory scrutiny.


Recommendations

Given the critical nature of the vulnerability and its active exploitation, organizations must implement a robust set of proactive and reactive security measures. A comprehensive defense-in-depth strategy is essential to mitigate the risks posed by such high-severity flaws, especially within operational technology environments where downtime or compromise could have severe consequences. Organizations are advised to focus on patch management, network monitoring, access controls, and incident preparedness, including:

  • Apply security patches immediately to all Erlang/OTP SSH servers and OT firewall devices.

  • Monitor network traffic for unusual activity on industrial-specific ports and signs of reverse shell connections.

  • Strengthen access controls and segmentation between IT and OT environments to limit attack surface.

  • Deploy advanced endpoint detection and response (EDR) solutions to identify and block unauthorized code execution.

  • Conduct regular security assessments focused on OT networks and associated firewall protections.

  • Maintain updated incident response plans that address vulnerabilities specific to Erlang/OTP SSH exploitation.


Conclusion

The growing exploitation of the Erlang/OTP SSH vulnerability, with a heavy focus on OT firewall systems, illustrates the evolving cyber threat landscape targeting critical infrastructure. Organizations managing OT environments must prioritize timely patching, enhanced monitoring, and layered defenses to prevent severe operational and security impacts. Continuous vigilance and adaptive security strategies remain essential in countering these targeted remote code execution attacks.

Resources

 
 
 

Comments

bottom of page