Erlang/OTP RCE

What is the Vulnerability?

A critical SSH vulnerability has recently been identified in the Erlang/Open Telecom Platform (OTP). The vulnerability, tracked as CVE-2025-32433, has been assigned a CVSS score of 10.0. It is unauthenticated, remotely exploitable, and requires low complexity to execute.

Erlang/OTP is commonly found in IoT devices and telecommunications platforms, and is prominently used by companies such as Ericsson, WhatsApp, and Cisco, among others.

Update (June 9, 2025): CISA has added CVE-2025-32433 Erlang/OTP SSH Server Missing Authentication to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

What is the recommended Mitigation?

A security patch for OTP has been made available via GitHub. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates.
This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
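
An added example (not FortiGuard's or the Erlang/OTP project's code): a Python triage helper that compares inventoried OTP versions against the three fixed releases listed above, comparing components numerically so that 26.2.5.2 is not mistaken for newer than 26.2.5.11. The hostnames and versions in the sample inventory are constructed, the function names and status labels are this example's own, and branches the page does not list are reported as such rather than guessed.

```python
import re

# Fixed releases named in the advisory text above, keyed by OTP major branch.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}


def parse_otp_version(text):
    """Turn 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def patch_status(text):
    """Return 'patched', 'vulnerable' or 'branch-not-listed'."""
    version = parse_otp_version(text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The page names fixes only for the 25, 26 and 27 branches.
        return "branch-not-listed"
    # Pad to equal length so '27.3' compares as 27.3.0 against 27.3.3.
    width = max(len(version), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"


def triage(inventory):
    """Map each host to a status; unparseable versions are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = patch_status(version)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "mq-01": "OTP-26.2.5.11",
    "mq-02": "26.2.5.2",
    "gw-01": "27.3",
    "gw-02": "OTP-25.3.2.19",
    "legacy-01": "24.3.4",
    "edge-01": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:16} {status}")
```

A distribution package that backports the fix under an older upstream version number would be reported as vulnerable here, so confirm such hosts against the package changelog.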

What FortiGuard Coverage is available?

  • FortiGuard Labs has IPS protection available for CVE-2025-32433, which detects and blocks attack attempts targeting the Erlang/OTP RCE vulnerability. Intrusion Prevention | FortiGuard Labs

  • The FortiGuard Incident Response team is available to assist with any suspected compromise.

Additional Resources

Erlang/OTP Advisory
NVD Publication