Critical Vulnerability in Erlang/OTP SSH Servers
21 April 2025
Security researchers have disclosed a critical vulnerability in Erlang/OTP SSH servers. Users and administrators of the affected product versions are advised to update to the latest versions immediately.
Security researchers have disclosed a critical vulnerability (CVE-2025-32433) in Erlang/OTP SSH servers. Erlang/OTP is a set of libraries for the Erlang programming language. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10 and its Proof-of-Concept exploit is now publicly available.
Successful exploitation of the vulnerability could allow unauthorised attackers to bypass authentication and perform remote code execution.
This vulnerability affects versions up to and including the following:
OTP-27.3.2
OTP-26.2.5.10
OTP-25.3.2.19
Users and administrators of the affected product versions are advised to update to the latest versions immediately.
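The affected-version list above can be checked mechanically against an installed runtime. This Python example is added here and is not part of the original advisory; it assumes each version is compared against the listed release of its own major branch, that majors older than 25 count as affected, and that majors newer than 27 fall outside the list. The function names are hypothetical.

```python
import re
import subprocess

# Highest affected release per major branch, copied from the advisory.
LAST_AFFECTED = {27: (27, 3, 2), 26: (26, 2, 5, 10), 25: (25, 3, 2, 19)}

# Erlang expression that prints the exact OTP version of the local install.
ERL_EXPR = (
    '{ok, V} = file:read_file(filename:join([code:root_dir(), "releases", '
    'erlang:system_info(otp_release), "OTP_VERSION"])), '
    'io:put_chars(V), halt().'
)


def parse_otp_version(text):
    """Turn 'OTP-26.2.5.10' or '26.2.5.10' into (26, 2, 5, 10)."""
    match = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 27.3.2.0 equals 27.3.2
        parts.pop()
    return tuple(parts)


def is_affected(text):
    """True if the version falls in the advisory's affected range."""
    version = parse_otp_version(text)
    major = version[0]
    if major < min(LAST_AFFECTED):
        return True   # assumption: older majors count as "prior to" the list
    if major not in LAST_AFFECTED:
        return False  # assumption: majors newer than the list are not covered
    return version <= LAST_AFFECTED[major]


def installed_otp_version(erl="erl"):
    """Ask the local Erlang runtime for its OTP version, or None if absent."""
    try:
        out = subprocess.run([erl, "-noshell", "-eval", ERL_EXPR],
                             capture_output=True, text=True, timeout=30)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    found = installed_otp_version()
    print(found or "erl not found", is_affected(found) if found else "")
```

A version string that is not purely numeric (for example a release candidate) raises `ValueError` and needs manual review.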
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2025-32433
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2