Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
The error results from improper handling of SSH protocol messages (CWE-306 — missing required authentication for critical functions). An attacker can send crafted SSH protocol messages to the vulnerable server, thereby bypassing authentication mechanisms. This allows execution of arbitrary system commands in the context of the SSH server process without valid login credentials.
An attacker gains full, unauthenticated control over the vulnerable system, enabling execution of arbitrary commands, reading and modifying data, and potentially compromising the entire Erlang/OTP-based infrastructure. The vulnerability has scope beyond the directly attacked environment (CVSS Scope: Changed).
Immediately update Erlang/OTP to version OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20. As a temporary workaround until patches are deployed, disable the Erlang/OTP-based SSH server or restrict access using firewall rules. Cisco product users should follow the vendor's recommendations regarding patch availability for their specific platforms.
Erlang/OTP in all versions before OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 when running an SSH server from the OTP library. The vulnerability affects, among others, Cisco devices: Inode Manager, NCS 1001, NCS 1004, RV340W Firmware, Ultra Packet Core.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCisco Cloud Native Broadband Network Gateway
APPCisco< 2025.03.1Cisco Confd Basic
APPCisco8.2 – 8.2.11.1 (bez)< 7.7.19.18.0.18 – 8.1.16.2 (bez)8.3 – 8.3.8.1 (bez)8.4 – 8.4.4.1 (bez)Cisco Enterprise Nfv Infrastructure Software
APPCisco< 4.18Cisco Inode Manager
APPCiscowszystkie wersjeCisco Ncs 1001
HWCiscowszystkie wersjeCisco Ncs 1002
HWCiscowszystkie wersjeCisco Ncs 1004
HWCiscowszystkie wersjeCisco Ncs 2000 Shelf Virtualization Orchestrator Firmware
OSCisco< 25.1.1Cisco Ncs 2000 Shelf Virtualization Orchestrator Module
HWCiscowszystkie wersjeCisco Network Services Orchestrator
APPCisco6.4.2 – 6.4.4.1 (bez)6.2 – 6.2.11.1 (bez)5.8 – 6.1.16.2 (bez)< 5.7.19.16.3 – 6.3.8.1 (bez)6.4 – 6.4.1.1 (bez)Cisco Optical Site Manager
APPCisco< 25.2.1Cisco Rv160
HWCiscowszystkie wersjeCisco Rv160 Firmware
OSCiscowszystkie wersjeCisco Rv160w
HWCiscowszystkie wersjeCisco Rv160w Firmware
OSCiscowszystkie wersjeCisco Rv260
HWCiscowszystkie wersjeCisco Rv260 Firmware
OSCiscowszystkie wersjeCisco Rv260p
HWCiscowszystkie wersjeCisco Rv260p Firmware
OSCiscowszystkie wersjeCisco Rv260w
HWCiscowszystkie wersjeCisco Rv260w Firmware
OSCiscowszystkie wersjeCisco Rv340
HWCiscowszystkie wersjeCisco Rv340 Firmware
OSCiscowszystkie wersjeCisco Rv340w
HWCiscowszystkie wersjeCisco Rv340w Firmware
OSCiscowszystkie wersjeCisco Rv345
HWCiscowszystkie wersjeCisco Rv345 Firmware
OSCiscowszystkie wersjeCisco Rv345p
HWCiscowszystkie wersjeCisco Rv345p Firmware
OSCiscowszystkie wersjeCisco Smart Phy
APPCisco< 25.2
CISA KEV — detailsi
- Vendori
- Erlang
- Producti
- Erlang/OTP
- Added to KEVi
- June 9, 2025
- Remediation deadline (US Federal)i
- June 30, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki
Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych