Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server

On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an affected device.

The vulnerability is due to a flaw in the handling of SSH messages during the authentication phase.

For a description of this vulnerability, see the Erlang announcement: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy

Security Impact Rating: Critical

CVE: CVE-2025-32433