Is CVE-2025-32433 actively exploited?

CVE-2025-32433 has no public evidence of in-the-wild exploitation as of 2025-11-04.

What is the CVSS score for CVE-2025-32433?

CVE-2025-32433 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2025-32433?

Patch guidance is available from erlang security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-32433.

Fix CVE-2025-32433 - CRITICAL erlang erlang\/otp

Q: Which products are affected by CVE-2025-32433?

34 products: erlang erlang\/otp, erlang erlang\/otp, erlang erlang\/otp, cisco confd basic, cisco confd basic, and 29 more.

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: ERLANG
Published: 4/16/2025
Last Modified: 11/4/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

erlang : erlang\/otperlang : erlang\/otperlang : erlang\/otpcisco : confd_basiccisco : confd_basiccisco : confd_basiccisco : confd_basiccisco : confd_basiccisco : network_services_orchestratorcisco : network_services_orchestratorcisco : network_services_orchestratorcisco : network_services_orchestratorcisco : network_services_orchestratorcisco : network_services_orchestratorcisco : cloud_native_broadband_network_gatewaycisco : inode_managercisco : smart_phycisco : ultra_packet_corecisco : ultra_services_platformcisco : staroscisco : optical_site_managercisco : ncs_2000_shelf_virtualization_orchestrator_firmwarecisco : enterprise_nfv_infrastructure_softwarecisco : ultra_cloud_corecisco : rv160w_firmwarecisco : rv260_firmwarecisco : rv160_firmwarecisco : rv260p_firmwarecisco : rv260w_firmwarecisco : rv340_firmwarecisco : rv340w_firmwarecisco : rv345_firmwarecisco : rv345p_firmwaredebian : debian_linux

Remediation Guidance

Executive Summary

View on NIST NVD