Critical Erlang/OTP SSH flaw actively exploited, targeting operational technology networks
Take action: If you are running an Erlang-based SSH service, it's time to update NOW, especially in OT networks. Naturally, make sure the OT systems are not exposed to the internet. Then start patching.
Palo Alto Networks is reporting active exploitation attempts of a critical vulnerability in the Erlang programming language's Open Telecom Platform (OTP) SSH implementation.
The flaw is tracked as CVE-2025-32433 (CVSS score 10) and enables unauthenticated attackers to execute arbitrary code on vulnerable systems. Attackers with network access can execute commands by sending SSH connection protocol messages that should only be processed after successful authentication.
Vulnerable versions include Erlang/OTP prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
Palo Alto Networks' telemetry shows that exploitation attempts surged sharply between May 1 and May 9, 2025. The company's Cortex Xpanse scanning identified 275 distinct hosts and 326 distinct Erlang/OTP services that were exposed on the internet during the observation period.
Erlang/OTP is widespread in critical infrastructure and industrial control systems, since it is valued for its fault-tolerance and scalability. Out of 3,376 CVE-2025-32433 signatures triggered globally, approximately 70 percent originated from firewalls protecting OT networks.
Organizations can mitigate this vulnerability by upgrading to patched versions, which include OTP 27.3.3 or later, OTP 26.2.5.11 or later, and OTP 25.3.2.20 or later. Despite the availability of patches, widespread exploitation attempts continue as organizations struggle to update critical infrastructure systems.
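
The following is an added example, not code from Palo Alto Networks or the Erlang/OTP project: a Python check that compares OTP version strings against the fixed releases listed above, one release line at a time. The host names and inventory are constructed, and the status labels are this example's own; release lines older than 25 are reported separately because the article names no fixed release for them.

```python
import re

# Fixed releases per release line, as listed in the article.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

_VERSION_RE = re.compile(r"(?:OTP-)?(\d+(?:\.\d+)*)(-rc\d+)?", re.IGNORECASE)


def assess(version_text):
    """Classify one OTP version string, e.g. the contents of the OTP_VERSION
    file under <ROOT>/releases/<release>/ on an installed system."""
    m = _VERSION_RE.fullmatch(version_text.strip())
    if not m:
        return "review"                      # unparseable: check by hand
    if m.group(2):
        return "review"                      # release candidate: check by hand
    version = tuple(int(p) for p in m.group(1).split("."))
    major = version[0]
    if major > max(FIXED):
        return "patched"                     # later than 27.3.3, per the article
    if major not in FIXED:
        return "vulnerable-no-fix-listed"    # older line; article names no fix
    # Compare numerically, part by part: 26.2.5.9 < 26.2.5.11, which a plain
    # string comparison gets wrong.
    return "vulnerable" if version < FIXED[major] else "patched"


def triage(inventory):
    """Return {host: status} for every host that is not 'patched'."""
    results = {host: assess(v) for host, v in inventory.items()}
    return {h: s for h, s in results.items() if s != "patched"}


# Constructed inventory for illustration (host names are hypothetical).
SAMPLE_INVENTORY = {
    "plc-gw-01": "OTP-26.2.5.9",
    "plc-gw-02": "26.2.5.11",
    "hist-01": "25.3.2.20",
    "mq-01": "27.3.2",
    "mq-02": "27.3.3",
    "legacy-01": "24.3.4.17",
    "lab-01": "28.0-rc1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A "vulnerable" result is a patching priority where the Erlang/OTP SSH service is actually running and reachable on that host.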