Aggregator

<% Visit %>

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

=============================================================================================
+++++++++++++++++++++++++++++++++++++++

=============================================================================================
+++++++++++++++++++++++++++++++++++++++

Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.

On April 16, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany disclosed a critical vulnerability in Erlang/OTP SSH to the OpenWall vulnerability mailing list. Additionally an official advisory was posted to the GitHub project for Erlang/OTP crediting the researchers for their disclosure.

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 18 and reflects VPR at that time.

CVE-2025-32433 is a remote code execution (RCE) vulnerability affecting the Erlang/OTP SSH server. The vulnerability exists due to a flaw in the SSH protocol message handling which could allow an unauthenticated attacker to execute arbitrary code. According to the advisory, all users running Erlang/OTP SSH servers are impacted and to assume impact if your application utilizes the Erlang/OTP SSH library. This vulnerability received the maximum CVSSv3 score of 10.0 and when the SSH daemon is running as root, allows an attacker to completely compromise an affected device.

At the time this blog was published, no known exploitation has been observed, however with the ease of exploitation and critical severity, we anticipate attacks will occur soon.

On April 17, researchers at Platform Security released a public proof-of-concept (PoC) exploit for CVE-2025-32433. The writeup notes that the PoC was generated with the help of ChatGPT and Cursor, and that it was fairly simple to do so using those AI tools.

The PoC initiates an SSH protocol negotiation as a normal client would. But, before authenticating the user, the client sends an unexpected message with an arbitrary command. The vulnerable server will process these messages and execute the commands. A patched server will disconnect immediately upon seeing these messages prior to authentication.

An additional PoC has been released, and the Horizon3 Attack Team posted on X (formerly Twitter) that they had developed a PoC but have chosen not to release it as of writing.

Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH pic.twitter.com/hBqJMfFHMN

— Horizon3 Attack Team (@Horizon3Attack) April 17, 2025

Erlang/OTP has released patches to address this vulnerability.

If immediate patching cannot be performed, restricting access via a firewall or disabling the SSH server are mitigation steps provided by Erlang/OTP. However, we strongly recommend upgrading as soon as possible to fully remediate this vulnerability.

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-32433 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Additionally, customers can utilize Tenable Attack Surface Management to identify hosts running Erlang/OTP SSH Server.

• Openwall mailing list announcement for CVE-2025-32433
• Advisory for CVE-2025-32433

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

The post CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability appeared first on Security Boulevard.

Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.

On April 16, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany disclosed a critical vulnerability in Erlang/OTP SSH to the OpenWall vulnerability mailing list. Additionally an official advisory was posted to the GitHub project for Erlang/OTP crediting the researchers for their disclosure.

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 18 and reflects VPR at that time.

CVE-2025-32433 is a remote code execution (RCE) vulnerability affecting the Erlang/OTP SSH server. The vulnerability exists due to a flaw in the SSH protocol message handling which could allow an unauthenticated attacker to execute arbitrary code. According to the advisory, all users running Erlang/OTP SSH servers are impacted and to assume impact if your application utilizes the Erlang/OTP SSH library. This vulnerability received the maximum CVSSv3 score of 10.0 and when the SSH daemon is running as root, allows an attacker to completely compromise an affected device.

At the time this blog was published, no known exploitation has been observed, however with the ease of exploitation and critical severity, we anticipate attacks will occur soon.

On April 17, researchers at Platform Security released a public proof-of-concept (PoC) exploit for CVE-2025-32433. The writeup notes that the PoC was generated with the help of ChatGPT and Cursor, and that it was fairly simple to do so using those AI tools.

The PoC initiates an SSH protocol negotiation as a normal client would. But, before authenticating the user, the client sends an unexpected message with an arbitrary command. The vulnerable server will process these messages and execute the commands. A patched server will disconnect immediately upon seeing these messages prior to authentication.

An additional PoC has been released, and the Horizon3 Attack Team posted on X (formerly Twitter) that they had developed a PoC but have chosen not to release it as of writing.

Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH pic.twitter.com/hBqJMfFHMN

— Horizon3 Attack Team (@Horizon3Attack) April 17, 2025

Erlang/OTP has released patches to address this vulnerability.

If immediate patching cannot be performed, restricting access via a firewall or disabling the SSH server are mitigation steps provided by Erlang/OTP. However, we strongly recommend upgrading as soon as possible to fully remediate this vulnerability.

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-32433 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Additionally, customers can utilize Tenable Attack Surface Management to identify hosts running Erlang/OTP SSH Server.

• Openwall mailing list announcement for CVE-2025-32433
• Advisory for CVE-2025-32433

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Author/Presenter: Yotam Perkal

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Common Ground – Beyond Whack-a-Mole: Scaling Vulnerability Management by Embracing Automation appeared first on Security Boulevard.

Cloud adoption has transformed organizations’ operations but introduces complex security challenges that demand proactive leadership and a thorough Cloud Security Assessment. A cloud security assessment systematically evaluates your cloud infrastructure to identify vulnerabilities, enforce compliance, and safeguard critical assets. For executives, these assessments are strategic tools that mitigate risks ranging from data breaches to operational […]

The post How to Conduct a Cloud Security Assessment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address. The whistleblower, a senior DevSecOps architect at the NLRB, has submitted a detailed affidavit to Congress […]

The post U.S DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.