Following our recent update regarding the Erlang/OTP RCE vulnerability (CVE-2025-32433), we continued with the threat-focused hunting efforts, looking for machines running vulnerable versions of the Erlang/OTP SSH package.
Axon reports have been published for Team Axon customers, including a list of deliverables. Relevant hits that require your attention will be mentioned in the AXON report.
We continue to monitor CVE-2025-32433 and will provide further updates as necessary. If you have any questions or need further assistance, please feel free to reach out.
Sincerely, Team Axon
Posted Apr 23, 2025 - 13:18 UTC
Investigating
Team Axon is aware of a new critical RCE flaw (CVE-2025-32433) affecting the Erlang/OTP SSH daemon. This vulnerability allows remote unauthenticated code execution due to a logical race condition issue. Attackers can send crafted SSH packets to exploit this flaw, which can lead to unauthenticated arbitrary code execution, potentially with root privileges.
We’ve observed the publication of several Proof-of-Concepts related to this vulnerability.
Recommendations:
- Upgrade your Erlang/OTP installation to one of the following:
  - OTP-27.3.3
  - OTP-26.2.5.11
  - OTP-25.3.2.20
- If you’re using a vendor-supplied Erlang distribution (e.g., part of a Cisco or Ericsson product), monitor for official updates.
- If a patch/update is not an option, consider:
  - Restricting access to the SSH port to trusted IPs only.
  - Using firewall rules to block access from untrusted networks.
  - Disabling Erlang/OTP-based SSH if it's not essential.
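The following is an added example, not Team Axon's own tooling: it checks an inventory of reported Erlang/OTP versions against the three fixed releases listed above. The host names and versions are constructed, and flagging any release branch other than 25, 26 or 27 as `unlisted-branch` is an assumption of this example, since the page names no fixed release for those branches.

```python
import re

# Fixed releases named in the recommendations above, keyed by OTP major release.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Parse 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(version_text):
    """Return 'patched', 'needs-upgrade', 'unlisted-branch' or 'unparsed'."""
    try:
        version = parse_otp_version(version_text)
    except ValueError:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: the page names no fixed release for this branch,
        # so the host is flagged for manual or vendor follow-up.
        return "unlisted-branch"
    # Compare numerically, component by component: as strings,
    # '26.2.5.9' would sort above '26.2.5.11' and look patched.
    width = max(len(version), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(version) >= pad(fixed) else "needs-upgrade"

def triage(inventory):
    """Group host names by classification of their reported OTP version."""
    result = {}
    for host, version_text in inventory.items():
        result.setdefault(classify(version_text), []).append(host)
    return result

# Constructed inventory: host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "mq-01": "OTP-27.3.3",
    "mq-02": "26.2.5.9",
    "edge-07": "OTP-25.3.2.20",
    "legacy-03": "24.3.4.17",
    "lab-11": "27.0-rc1",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unlisted-branch` or `unparsed` need manual review rather than being treated as safe.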
Our team is actively researching the details and will provide updates after deeply analyzing and assessing the vulnerability, including potential deliverables such as threat hunting queries and visibility insights. Impacted customers will be notified directly.
For further assistance, please don't hesitate to contact us.