Cisco has acknowledged that several of its key products are impacted by a critical Erlang/OTP flaw (CVE-2025-32433) that could open the door to remote code execution attacks.
A newly discovered vulnerability in the SSH component of Erlang/OTP—a technology widely used in high-availability applications like e-commerce and telecom systems—has triggered serious concerns across the cybersecurity landscape. Known as CVE-2025-32433, this flaw could allow unauthenticated attackers to take control of vulnerable systems and execute arbitrary code, effectively granting full access to affected devices.
The flaw was discovered by researchers at Ruhr University Bochum in Germany. According to their findings, the bug stems from how SSH protocol messages are handled within Erlang/OTP. Its severity lies in the fact that it doesn’t require prior authentication and can lead to system-wide compromise, including data theft and potential denial-of-service (DoS) attacks.
Erlang/OTP versions earlier than OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 are confirmed to be vulnerable. The maintainers have already released security patches, and users are urged to update immediately.
Cybersecurity firms have been quick to respond. Cisco, which has long used Erlang in many of its solutions, has launched an investigation to assess the scope of the exposure across its product lines. The company recently published an advisory confirming that several products—including ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core—are affected.
While Cisco did confirm these products contain the vulnerable Erlang component, the company clarified that in some cases, configuration settings prevent remote code execution. For example, both ConfD and NSO are reportedly not susceptible to remote takeover due to their current configurations. Nonetheless, Cisco has promised to issue patches by May 2025.
Security researchers, including those from Arctic Wolf and Qualys, are warning that the flaw’s impact could be wider than initially thought. That’s because Erlang is not just used by Cisco, but also by companies like Ericsson, National Instruments, Broadcom, and the Apache Software Foundation. While some vendors require manual installation of Erlang, others bundle it directly into their platforms—especially in the IoT, OT, and edge computing sectors.
What’s particularly troubling is the speed at which exploitation techniques have emerged. Within a day of public disclosure, proof-of-concept (PoC) exploits were circulating online. According to researchers, exploiting CVE-2025-32433 is alarmingly easy, making it a high-priority threat for vendors and customers alike.
Despite the availability of PoC code and the simplicity of the exploit, there have been no confirmed reports of real-world attacks leveraging this flaw—yet.
Back in 2018, Cisco estimated that nearly 90% of global internet traffic passed through nodes powered by Erlang, highlighting the programming environment’s widespread use. With that in mind, the company’s swift action in releasing a security advisory and beginning the patch process shows how seriously it’s treating the issue.
For businesses using affected Cisco systems, proactive patching and network segmentation will be essential to mitigate risk while updates roll out. The window between disclosure and active exploitation is shrinking fast, especially when tools are publicly available.
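To support the patching step, the following added example (not code from Cisco, the Erlang/OTP maintainers, or the researchers) checks a host inventory against the three fixed releases named earlier in the article. The host names and versions in `SAMPLE` are constructed, and treating release lines newer than 27 as already fixed is an assumption.

```python
import re

# Fixed releases named in the article, keyed by major release line.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Parse 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_vulnerable(text):
    """True if the version is earlier than the fix for its release line."""
    version = parse_otp_version(text)
    major = version[0]
    if major < min(FIXED):
        return True   # older than every patched release line
    if major > max(FIXED):
        return False  # assumption: later release lines already carry the fix
    fixed = FIXED[major]
    # Pad to equal length so 27.3 compares as 27.3.0 against 27.3.3.
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def triage(inventory):
    """Split {host: version} into (hosts to patch, hosts needing manual review)."""
    to_patch, review = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_vulnerable(version):
                to_patch.append(host)
        except ValueError:
            review.append(host)  # never treat an unreadable version as safe
    return to_patch, review

# Constructed inventory: host names and versions are illustrative only.
SAMPLE = {
    "edge-01": "OTP-27.3.2", "edge-02": "27.3.3", "mq-01": "26.2.5.10",
    "mq-02": "OTP-26.2.5.11", "legacy-01": "24.3.4.17", "ot-gw-01": "unknown",
}

if __name__ == "__main__":
    patch, review = triage(SAMPLE)
    print("patch:", patch)
    print("review:", review)
```

A vulnerable version number alone does not establish exposure: as the article notes for ConfD and NSO, configuration can prevent remote code execution even where the component is present.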