Cisco has officially confirmed that a critical flaw in the Erlang/OTP SSH library affects a number of its products. The vulnerability, tracked as CVE-2025-32433, is rated at the maximum possible 10.0 on the CVSS scale. On devices that run an SSH server based on Erlang/OTP, the flaw allows unauthenticated attackers to execute arbitrary code. This was reported by SecurityWeek.
The problem stems from incorrect handling of certain SSH protocol messages, which allows an attacker to send commands before the authentication process has completed. Successful exploitation can lead to complete compromise of the system, especially where the SSH service runs with administrative (root) privileges.
In addition to Cisco network equipment, including switches and routers, the vulnerability affects Ericsson products and various IoT systems that use the Erlang programming language.
To address the problem, Cisco confirmed that software updates are in development and strongly recommended that users install the patched Erlang/OTP versions 27.3.3, 26.2.5.11 or 25.3.2.20. As a temporary measure until fixes are published, the manufacturer recommends restricting access to the SSH port on vulnerable devices, for example with firewall rules. Public exploits for this flaw are reported to exist already.
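The fixed versions listed above can be turned into a quick inventory check. This is an added example, not code from Cisco or the Erlang/OTP project: the hostnames, versions, status strings and the `runs_ssh_server` flag are constructed for illustration, and it assumes plain numeric ordering of versions within one major release.

```python
import re

# Fixed releases named in the article, keyed by OTP major release.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp(version):
    """Turn 'OTP-26.2.5.9' or '26.2.5.9' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(version, runs_ssh_server):
    """Classify one host against CVE-2025-32433."""
    if not runs_ssh_server:
        # The flaw sits in the Erlang/OTP SSH server component.
        return "no Erlang SSH server"
    v = parse_otp(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        # The article lists no fixed release for this major version.
        return "check vendor advisory"
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # 27.3 compares as 27.3.0
    if pad(v) >= pad(fixed):
        return "patched"
    return "vulnerable: patch or restrict SSH access"

# Constructed inventory: (host, OTP version, SSH server enabled).
INVENTORY = [
    ("edge-sw-01", "OTP-27.3.2", True),
    ("edge-sw-02", "27.3.3", True),
    ("core-rtr-01", "26.2.5.9", True),
    ("iot-gw-07", "25.3.2.20", True),
    ("lab-node-03", "26.2", False),
    ("legacy-01", "24.3.4", True),
]

def triage_inventory(inventory):
    return {host: triage(ver, ssh) for host, ver, ssh in inventory}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:12} {status}")
```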
Source: Gazeta

Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.