Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild
Summary
A serious vulnerability (CVE-2025-32433) has been identified in certain versions of the Open Telecom Platform (OTP) in the Erlang programming language, which allows unauthenticated remote code execution.
Palo Alto Networks has reproduced, validated and analysed this vulnerability and has observed exploitation attempts of this nature in the wild.
These exploitation attempts are being seen across multiple industries, but there is a larger attack surface within Operational Technology (OT) networks.
Malicious actors are actively exploiting this vulnerability in short, high-intensity bursts that disproportionately target OT networks, attempting to access exposed services over both IT and industrial ports.
The primary mitigation strategy is to upgrade to a patched version of OTP.
By Adam Robbie, Yiheng An, Malav Vyas, Cecilia Hu, Matthew Tennis and Zhanhao Chen