Peter Ullrich
peterullrich.com
The Erlang SSH library has a critical security vulnerability that allows arbitrary code execution. Upgrade to OTP 27.3.3 (or others noted below) ASAP
#ElixirLang
InfoSec
infosec.skyfleet.blue
·
Apr 16
CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
Posted by Fabian Bäumer on Apr 16 Hi all, we (Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, Jörg Schwenk (Ruhr University Bochum)) found a critical security vulnerability in the Erlang/OTP SSH implementation. The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. This vulnerability has been assigned CVE-2025-32433 with an estimated CVSSv3 of 10.0...
seclists.org
Apr 16, 2025 20:06