Vulnerability-Lookup

CVE-2025-32433 (GCVE-0-2025-32433)

Vulnerability from cvelistv5 – Published: 2025-04-16 21:34 – Updated: 2025-11-03 19:53

Title

Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Summary

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

GitHub_M

References

URL

Tags

	https://github.com/erlang/otp/security/advisories…	x_refsource_CONFIRM
	https://github.com/erlang/otp/commit/0fcd9c56524b…	x_refsource_MISC
	https://github.com/erlang/otp/commit/6eef04130afc…	x_refsource_MISC
	https://github.com/erlang/otp/commit/b1924d37fd83…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	erlang	otp	Affected: >= OTP-27.0-rc1, < OTP-27.3.3 Affected: >= OTP-26.0-rc1, < OTP-26.2.5.11 Affected: < OTP-25.3.2.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:53:28.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32433",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-20T03:55:59.410447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-06-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:18.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
          },
          {
            "tags": [
              "vendor-advisory"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-06-09T00:00:00+00:00",
            "value": "CVE-2025-32433 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "otp",
          "vendor": "erlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11"
            },
            {
              "status": "affected",
              "version": "\u003c OTP-25.3.2.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T21:34:37.457Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
        },
        {
          "name": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
        },
        {
          "name": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
        },
        {
          "name": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
        }
      ],
      "source": {
        "advisory": "GHSA-37cp-fgq5-7wc2",
        "discovery": "UNKNOWN"
      },
      "title": "Erlang/OTP SSH Vulnerable to Pre-Authentication RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32433",
    "datePublished": "2025-04-16T21:34:37.457Z",
    "dateReserved": "2025-04-08T10:54:58.368Z",
    "dateUpdated": "2025-11-03T19:53:28.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-32433",
      "cwes": "[\"CWE-306\"]",
      "dateAdded": "2025-06-09",
      "dueDate": "2025-06-30",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433",
      "product": "Erlang/OTP",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including\u2014but not limited to\u2014Cisco, NetApp, and SUSE.",
      "vendorProject": "Erlang",
      "vulnerabilityName": "Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/16/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/18/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/18/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/18/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/19/1\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250425-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:53:28.075Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32433\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T03:55:59.410447Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-06-09\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-09T00:00:00+00:00\", \"value\": \"CVE-2025-32433 added to CISA KEV\"}], \"references\": [{\"url\": \"https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py\", \"tags\": [\"exploit\"]}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T13:07:27.220Z\"}}], \"cna\": {\"title\": \"Erlang/OTP SSH Vulnerable to Pre-Authentication RCE\", \"source\": {\"advisory\": \"GHSA-37cp-fgq5-7wc2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"erlang\", \"product\": \"otp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= OTP-27.0-rc1, \u003c OTP-27.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= OTP-26.0-rc1, \u003c OTP-26.2.5.11\"}, {\"status\": \"affected\", \"version\": \"\u003c OTP-25.3.2.20\"}]}], \"references\": [{\"url\": \"https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\", \"name\": \"https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\", \"name\": \"https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\", \"name\": \"https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891\", \"name\": \"https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306: Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-16T21:34:37.457Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-32433\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:53:28.075Z\", \"dateReserved\": \"2025-04-08T10:54:58.368Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-16T21:34:37.457Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0360

Vulnerability from certfr_avis - Published: 2025-05-02 - Updated: 2025-05-02

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Sensor Proxy	Sensor Proxy version antérieures à 1.2.0
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.11

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-08	2025-05-01	vendor-advisory
Bulletin de sécurité Tenable tns-2025-07	2025-04-30	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sensor Proxy version ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "Sensor Proxy",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.11",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2019-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16276"
    },
    {
      "name": "CVE-2025-32433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32433"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    }
  ],
  "initial_release_date": "2025-05-02T00:00:00",
  "last_revision_date": "2025-05-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0360",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-05-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-08",
      "url": "https://www.tenable.com/security/tns-2025-08"
    },
    {
      "published_at": "2025-04-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-07",
      "url": "https://www.tenable.com/security/tns-2025-07"
    }
  ]
}

CERTFR-2026-AVI-0101

Vulnerability from certfr_avis - Published: 2026-01-29 - Updated: 2026-01-29

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	SCALANCE	SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à 3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-089022

2026-01-28

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2025-10148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-32433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32433"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2025-39853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39853"
    },
    {
      "name": "CVE-2025-39865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39865"
    },
    {
      "name": "CVE-2024-41996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
    },
    {
      "name": "CVE-2025-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
    },
    {
      "name": "CVE-2023-39810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
    },
    {
      "name": "CVE-2025-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
    },
    {
      "name": "CVE-2025-39864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-38086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-6141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
    },
    {
      "name": "CVE-2023-42365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-3360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2024-6874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
    },
    {
      "name": "CVE-2025-38085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
    },
    {
      "name": "CVE-2022-48174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
    },
    {
      "name": "CVE-2025-39860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39860"
    },
    {
      "name": "CVE-2023-42364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
    },
    {
      "name": "CVE-2025-39839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39839"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2023-7256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7256"
    },
    {
      "name": "CVE-2024-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2025-39846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39846"
    },
    {
      "name": "CVE-2024-8006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8006"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-38350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-38498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
    },
    {
      "name": "CVE-2023-42363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
    },
    {
      "name": "CVE-2025-38084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
    },
    {
      "name": "CVE-2025-39841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
    },
    {
      "name": "CVE-2023-42366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-38345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
    },
    {
      "name": "CVE-2024-47619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
    }
  ],
  "initial_release_date": "2026-01-29T00:00:00",
  "last_revision_date": "2026-01-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0101",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-089022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
    }
  ]
}

FKIE_CVE-2025-32433

Vulnerability from fkie_nvd - Published: 2025-04-16 22:15 - Updated: 2025-11-04 14:49

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12	Patch
security-advisories@github.com	https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f	Patch
security-advisories@github.com	https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891	Patch
security-advisories@github.com	https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/16/2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/18/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/18/2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/18/6	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/19/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250425-0001/	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py	Exploit
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433	US Government Resource

Impacted products

Vendor	Product	Version
erlang	erlang\/otp	*
erlang	erlang\/otp	*
erlang	erlang\/otp	*
cisco	confd_basic	*
cisco	confd_basic	*
cisco	confd_basic	*
cisco	confd_basic	*
cisco	confd_basic	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	cloud_native_broadband_network_gateway	*
cisco	inode_manager	-
cisco	smart_phy	*
cisco	ultra_packet_core	*
cisco	ultra_services_platform	-
cisco	staros	*
cisco	optical_site_manager	*
cisco	ncs_1001	-
cisco	ncs_1002	-
cisco	ncs_1004	-
cisco	ncs_2000_shelf_virtualization_orchestrator_firmware	*
cisco	ncs_2000_shelf_virtualization_orchestrator_module	-
cisco	enterprise_nfv_infrastructure_software	*
cisco	ultra_cloud_core	*
cisco	rv160w_firmware	-
cisco	rv160w	-
cisco	rv260_firmware	-
cisco	rv260	-
cisco	rv160_firmware	-
cisco	rv160	-
cisco	rv260p_firmware	-
cisco	rv260p	-
cisco	rv260w_firmware	-
cisco	rv260w	-
cisco	rv340_firmware	-
cisco	rv340	-
cisco	rv340w_firmware	-
cisco	rv340w	-
cisco	rv345_firmware	-
cisco	rv345	-
cisco	rv345p_firmware	-
cisco	rv345p	-
debian	debian_linux	11.0

JSON

To clipboard

{
  "cisaActionDue": "2025-06-30",
  "cisaExploitAdd": "2025-06-09",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83BFB53-C1CC-4F9E-9794-EE0057EE770B",
              "versionEndExcluding": "25.3.2.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4842AC3A-E1AE-491A-AFCE-F3669397CA82",
              "versionEndExcluding": "26.2.5.11",
              "versionStartIncluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36383ED9-EA7D-4AFF-B2C7-1FFD16207C54",
              "versionEndExcluding": "27.3.3",
              "versionStartIncluding": "27.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD911AA-C8F6-4109-A3B4-602AEAF2C77D",
              "versionEndExcluding": "7.7.19.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6F7512-CAC2-42DE-B150-D56AE6F78053",
              "versionEndExcluding": "8.1.16.2",
              "versionStartIncluding": "8.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1269B5-554F-42E0-95A1-BD22C5C23309",
              "versionEndExcluding": "8.2.11.1",
              "versionStartIncluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1C890C-D8CA-45FB-B70E-3960B0E9D41B",
              "versionEndExcluding": "8.3.8.1",
              "versionStartIncluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:confd_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F31D4A-E5B4-4ED3-BE3C-07FFA0F4D689",
              "versionEndExcluding": "8.4.4.1",
              "versionStartIncluding": "8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C911AA6C-9CD2-48F5-BC9B-A2D1AACEED03",
              "versionEndExcluding": "5.7.19.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A800C1C-CED2-4D88-ADD3-1705DF8D1611",
              "versionEndExcluding": "6.1.16.2",
              "versionStartIncluding": "5.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C18189F-8645-4801-9217-B7A1E3539F89",
              "versionEndExcluding": "6.2.11.1",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4EF3D5-5633-4C99-B4AE-360A2A3B985B",
              "versionEndExcluding": "6.3.8.1",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "553AEE68-3FBE-453B-BD12-03FAF3BA6F2C",
              "versionEndExcluding": "6.4.1.1",
              "versionStartIncluding": "6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCC5384-91EF-44D6-908B-CC019036273A",
              "versionEndExcluding": "6.4.4.1",
              "versionStartIncluding": "6.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cloud_native_broadband_network_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F813EFB7-F2E8-4E36-BBF3-1FA1C2CB6035",
              "versionEndExcluding": "2025.03.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:inode_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1A6D3F-C7B9-415B-AE44-A263BFAA8B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14D75E9-5247-4D0F-A92E-10821629089D",
              "versionEndExcluding": "25.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ultra_packet_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25BC4E65-0344-45F3-8570-CEBEAA26D302",
              "versionEndExcluding": "2025.03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ultra_services_platform:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "378484EF-6E71-4D73-8864-538A869F8D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDADC228-B7DA-405D-B704-4E6198D4308E",
              "versionEndExcluding": "2025.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:optical_site_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A91EBA2-5C6A-43D1-9657-E0B0B2D214F4",
              "versionEndExcluding": "25.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ncs_2000_shelf_virtualization_orchestrator_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FBA50A5-A1E7-41C4-AC8C-19A2393ACF89",
              "versionEndExcluding": "25.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_2000_shelf_virtualization_orchestrator_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66F36B9-0E4E-4AE0-9102-9B963C5E67D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41BD0FB-372F-418B-A453-232D04C7C055",
              "versionEndExcluding": "4.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ultra_cloud_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41890CCA-16A7-429C-8A31-F467141171A7",
              "versionEndExcluding": "2025.03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv160w_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C81717-86CA-4B78-B60B-1ABEA71D0243",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv260_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B9D17F-A3E5-498D-9AE1-11915FEF8B3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv160_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D5DF69-3106-40B4-9DEA-1655EC394E01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv260p_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA3E845-95EC-4CAD-8105-2348F8D58E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv260w_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33291CE9-C896-4798-BAD3-5ACA2A412E92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv340_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA54684-D12C-4050-AFD3-A1A3E2B6585F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440DB48-9ACC-4D14-A042-12946145AB45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv345_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DBB708-31C2-499B-B6DC-2DC3501F2FDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26BE8976-95F2-41DB-A76B-E67CF07DF500",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules."
    },
    {
      "lang": "es",
      "value": "Erlang/OTP es un conjunto de librer\u00edas para el lenguaje de programaci\u00f3n Erlang. En versiones anteriores a OTP-27.3.3, OTP-26.2.5.11 y OTP-25.3.2.20, un servidor SSH pod\u00eda permitir a un atacante realizar una ejecuci\u00f3n remota de c\u00f3digo (RCE) sin autenticaci\u00f3n. Al explotar una falla en la gesti\u00f3n de mensajes del protocolo SSH, un atacante podr\u00eda obtener acceso no autorizado a los sistemas afectados y ejecutar comandos arbitrarios sin credenciales v\u00e1lidas. Este problema est\u00e1 corregido en las versiones OTP-27.3.3, OTP-26.2.5.11 y OTP-25.3.2.20. Una soluci\u00f3n temporal consiste en deshabilitar el servidor SSH o impedir el acceso mediante reglas de firewall."
    }
  ],
  "id": "CVE-2025-32433",
  "lastModified": "2025-11-04T14:49:05.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-16T22:15:14.373",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32433"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-32433

Vulnerability from fstec - Published: 16.04.2025

Title

Уязвимость реализации протокола SSH из набора библиотек Erlang/OTP, связанная с отсутствием проверки подлинности для критически важной функции, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость реализации протокола SSH из набора библиотек Erlang/OTP связана с отсутствием проверки подлинности для критически важной функции. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально сформированных SSH-пакетов

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

ООО «Ред Софт», ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Cisco Systems Inc., Schneider Electric

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Erlang/OTP, ConfD, Cisco Network Services Orchestrator (NSO), Galaxy VL, Galaxy VS, Galaxy VXL

Software Version

7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 1.8 (Astra Linux Special Edition), до 27.3.3 (Erlang/OTP), до 26.2.5.11 (Erlang/OTP), до 25.3.2.20 (Erlang/OTP), до 7.7.19.1 (ConfD), до 8.1.16.2 (ConfD), до 8.4.4.1 (ConfD), до 5.7.19.1 (Cisco Network Services Orchestrator (NSO)), до 6.1.16.2 (Cisco Network Services Orchestrator (NSO)), до 6.4.1.1 (Cisco Network Services Orchestrator (NSO)), до 6.4.4.1 (Cisco Network Services Orchestrator (NSO)), - (Galaxy VL), - (Galaxy VS), - (Galaxy VXL)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - ограничение возможности использование протокола SSH; - использование средств межсетевого экранирования для ограничения возможности удалённого доступа к уязвимому программному обеспечению; - использование «белого» списка IP-адресов для ограничения доступа к уязвимому программному обеспечению; - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций: https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891 Для Cisco Sytstem Inc.: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy Для Schneider Electric: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-133-05.pdf Для ОС Astra Linux: обновить пакет erlang до 1:22.2.7+dfsg-1+deb10u2.astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0507SE17MD Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Astra Linux: обновить пакет erlang до 1:25.2.3+dfsg-1+deb12u1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0519SE18MD

Reference

https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-133-05.pdf http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0519SE18MD https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-306

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Cisco Systems Inc., Schneider Electric",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 1.8 (Astra Linux Special Edition), \u0434\u043e 27.3.3 (Erlang/OTP), \u0434\u043e 26.2.5.11 (Erlang/OTP), \u0434\u043e 25.3.2.20 (Erlang/OTP), \u0434\u043e 7.7.19.1 (ConfD), \u0434\u043e 8.1.16.2 (ConfD), \u0434\u043e 8.4.4.1 (ConfD), \u0434\u043e 5.7.19.1 (Cisco Network Services Orchestrator (NSO)), \u0434\u043e 6.1.16.2 (Cisco Network Services Orchestrator (NSO)), \u0434\u043e 6.4.1.1 (Cisco Network Services Orchestrator (NSO)), \u0434\u043e 6.4.4.1 (Cisco Network Services Orchestrator (NSO)), - (Galaxy VL), - (Galaxy VS), - (Galaxy VXL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSH;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u00ab\u0431\u0435\u043b\u043e\u0433\u043e\u00bb \u0441\u043f\u0438\u0441\u043a\u0430 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN). \n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\nhttps://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\nhttps://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891\n\n\u0414\u043b\u044f Cisco Sytstem Inc.:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy\n\n\u0414\u043b\u044f Schneider Electric:\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-133-05.pdf\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 erlang \u0434\u043e 1:22.2.7+dfsg-1+deb10u2.astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0507SE17MD\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 erlang \u0434\u043e 1:25.2.3+dfsg-1+deb12u1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0519SE18MD",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04706",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-32433",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Erlang/OTP, ConfD, Cisco Network Services Orchestrator (NSO), Galaxy VL, Galaxy VS, Galaxy VXL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSH \u0438\u0437 \u043d\u0430\u0431\u043e\u0440\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a Erlang/OTP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 (CWE-306)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSH \u0438\u0437 \u043d\u0430\u0431\u043e\u0440\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a Erlang/OTP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 SSH-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12\nhttps://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f\nhttps://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy\nhttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-133-05.pdf\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0519SE18MD\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-306",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-32433 (GCVE-0-2025-32433)

CERTFR-2025-AVI-0360

Solutions

CERTFR-2026-AVI-0101

Solutions

FKIE_CVE-2025-32433

CVE-2025-32433

Tags

Sightings

Nomenclature