ГлавнаяУязвимости → CVE-2025-32433
10критическая

CVE-2025-32433

Описание

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Затрагиваемое ПО
Erlang Erlang\/otpCisco Confd basicCisco Network services orchestratorCisco Cloud native broadband network gatewayCisco Inode managerCisco Smart phyCisco Ultra packet coreCisco Ultra services platformCisco StarosCisco Optical site managerCisco Ncs 1001Cisco Ncs 1002Cisco Ncs 1004Cisco Ncs 2000 shelf virtualization orchestrator firmwareCisco Ncs 2000 shelf virtualization orchestrator moduleCisco Enterprise nfv infrastructure softwareCisco Ultra cloud coreCisco Rv160w firmwareCisco Rv160wCisco Rv260 firmwareCisco Rv260Cisco Rv160 firmwareCisco Rv160Cisco Rv260p firmwareCisco Rv260p
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892fhttps://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2http://www.openwall.com/lists/oss-security/2025/04/16/2http://www.openwall.com/lists/oss-security/2025/04/18/1http://www.openwall.com/lists/oss-security/2025/04/18/2http://www.openwall.com/lists/oss-security/2025/04/18/6