CVE-2025-32433

CRITICAL CISA KEV

CVSS v3

CRITICAL

EPSS Score

—

exploit probability

CISA KEV

Yes

known exploited

Exploitation

—

SSVC status

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary w

CISA Known Exploited Vulnerability

Date Added: 6/9/2025
Patch Due Date: 6/30/2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Technical Details

CVSS v3 Vector: 3.1
Published: 4/16/2025
Last Modified: 11/4/2025

Frequently Asked Questions

What is CVE-2025-32433?

Is CVE-2025-32433 actively exploited?

Yes. CVE-2025-32433 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 6/30/2025.

What is the CVSS score for CVE-2025-32433?

CVE-2025-32433 has a CVSS v3 base score of 10 (CRITICAL severity), with vector string 3.1.

Is CVE-2025-32433 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database