Security researchers find a 10/10 flaw in Erlang/OTP SSH
Horizon3 Attack Team says the flaw is “surprisingly easy” to exploit
A patch is available, so users should update now
Erlang/OTP SSH, a set of libraries for the Erlang programming language, carries a maximum-severity vulnerability that allows for remote code execution and is “surprisingly easy” to exploit, researchers are warning.
A team of cybersecurity researchers from the Ruhr University Bochum (Germany) recently discovered an improper handling of pre-authentication protocol messages flaw, which affects all versions of Erlang/OTP SSH. It is tracked as CVE-2025-32433 and carries a severity score of 10/10 (critical).
