FreeBSD: VID-06269AE8-1E0D-11F0-AD0B-B42E991FC52E (CVE-2025-32433): Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
Description
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Solution(s)
- freebsd-upgrade-package-erlang
- freebsd-upgrade-package-erlang-runtime21
- freebsd-upgrade-package-erlang-runtime22
- freebsd-upgrade-package-erlang-runtime23
- freebsd-upgrade-package-erlang-runtime24
- freebsd-upgrade-package-erlang-runtime25
- freebsd-upgrade-package-erlang-runtime26
- freebsd-upgrade-package-erlang-runtime27
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center