Cisco Confirms Impact from Critical Erlang/OTP Vulnerability CVE-2025-32433 in Key Products

A critical vulnerability in Erlang/OTP’s SSH implementation — now tracked as CVE-2025-32433 — has been confirmed to impact several Cisco products, raising concerns across industries that rely on Cisco infrastructure for connectivity, orchestration, and network management.

This isn’t just a theoretical issue. The flaw allows unauthenticated remote code execution, and proof-of-concept exploits are already public. While Cisco is actively investigating the extent of exposure across its product portfolio, it’s already confirmed that some systems are affected — and patches are on the way.


What Is CVE-2025-32433?

This vulnerability was discovered by researchers at Ruhr University Bochum in Germany and affects the SSH protocol message handling in Erlang/OTP, a widely used toolkit for building distributed and fault-tolerant systems.

The bug is severe. It can allow an attacker to:

  • Gain unauthorized access to affected systems
  • Execute arbitrary code
  • Potentially steal or manipulate sensitive data
  • Launch denial-of-service attacks

Fixes have already been released in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 — but anything earlier is still vulnerable.
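A version check against the three fixed releases listed above, as an added example that is not code from Cisco or the Erlang/OTP project. The function names and the sample inventory are hypothetical; release lines older than 25 are treated as vulnerable because the article names no fix for them, and lines newer than 27 are reported as unlisted.

```python
import re

# Fixed releases named in the article, keyed by OTP major release line.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}
VERSION_RE = re.compile(r"(?:OTP[-_ ]?)?(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_otp_version(text):
    """Parse 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints, else None."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def classify(text):
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unknown' for a version string."""
    version = parse_otp_version(text)
    if version is None:
        return "unknown"        # not an upstream OTP version string
    major = version[0]
    if major > max(FIXED):
        return "unlisted"       # newer line: the article names no fix for it
    fixed = FIXED.get(major)
    if fixed is None:
        return "vulnerable"     # older line with no fixed release in the article
    # Pad to equal length so 27.3 compares as 27.3.0 and 26.2.5 as 26.2.5.0.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "fixed" if version >= fixed else "vulnerable"


def triage(inventory):
    """Group host names by status for a {host: version string} inventory."""
    report = {}
    for host, text in sorted(inventory.items()):
        report.setdefault(classify(text), []).append(host)
    return report

# Constructed inventory: host names and versions are made up for illustration.
SAMPLE = {
    "host-a": "OTP-27.3.2",
    "host-b": "26.2.5.11",
    "host-c": "OTP-25.3.2.9",
    "host-d": "24.3.4.17",
    "host-e": "erlang (unknown)",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The comparison is numeric per component, so 26.2.5.2 is correctly ranked below 26.2.5.11. Version strings taken from distribution packages may carry backported fixes, so the check applies to upstream OTP version strings only.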


Why This Matters for Cisco and the Broader Ecosystem

Cisco has acknowledged that the flaw affects key products, including:

  • ConfD
  • Network Services Orchestrator (NSO)
  • Smart PHY
  • Intelligent Node Manager
  • Ultra Cloud Core

Because of how they are configured, ConfD and NSO are not vulnerable to remote code execution, but the vulnerability still exists in them, and Cisco plans to issue patches in May.

Cisco also noted that many additional product lines are still under review, including those in routing, switching, unified computing, and network management. That means there could be broader implications still unfolding.

Given how widely Erlang/OTP is used across the telecom and network infrastructure space — not just by Cisco, but by Ericsson, National Instruments, Broadcom, EMQ Technologies, and others — this vulnerability has the potential to ripple across edge devices, OT/IoT systems, and cloud infrastructure.
