Cisco Verifies That a Critical Erlang/OTP Flaw Affects Several Products

Cisco is investigating the impact of a recently disclosed remote code execution flaw in Erlang/OTP and has confirmed that some of its products are affected.

Last week, a critical security flaw was found in the SSH component of Erlang/OTP. Erlang/OTP is a collection of tools used to create systems that must operate reliably, like those used in banking and communications.

Researchers from Ruhr University Bochum in Germany discovered the issue, which is tracked as CVE-2025-32433. It is a flaw in SSH protocol message handling that can let unauthorized attackers gain access to systems and execute arbitrary code.

The vulnerability could allow attackers to completely take over systems, accessing confidential information or even stopping systems from working.

The issue has been fixed in OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. However, it still affects older versions.
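
To triage an asset inventory against the fixed releases listed above, the following added example (not from Cisco or the Erlang/OTP project) classifies each reported OTP version by release train. The function names, hostnames and sample versions are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by release train (major version).
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Parse 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip(), re.ASCII)
    if m is None:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    try:
        version = parse_otp_version(text)
    except ValueError:
        return "unknown"  # release candidates, custom builds: check by hand
    major = version[0]
    if major < min(FIXED):
        return "vulnerable"  # older train; the article lists no fix for it
    if major not in FIXED:
        return "unknown"  # newer than the trains the article covers
    fixed = FIXED[major]
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    # Compare numerically: as strings, '26.2.5.9' would sort above '26.2.5.11'.
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"

def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "edge-gw-01": "OTP-26.2.5.9",
    "broker-02": "27.3.3",
    "legacy-db-03": "24.3.4.17",
    "lab-04": "27.0-rc1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```

A "patched" result only says the fixed release is installed; whether the Erlang/OTP SSH service is enabled and reachable on a host still has to be checked separately.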

Shortly after the flaw became known, experts realized that exploiting this vulnerability is relatively easy, and technical details as well as proof-of-concept exploits were shared publicly very quickly.

Qualys researcher Mayuresh Dani informed SecurityWeek that many devices could be vulnerable as a significant number of Cisco and Ericsson devices run on Erlang.

Dani warned that any service using the Erlang/OTP SSH library for remote access, such as those in OT/IoT devices and edge computing devices, could be vulnerable to attacks.

Cybersecurity firm Arctic Wolf also analyzed the potential impact, noting that in addition to Ericsson and Cisco, companies like National Instruments, Broadcom, EMQ Technologies, Very Technology, Apache Software Foundation, and Riak Technologies use Erlang/OTP, though they often require separate installation.

In 2018, Cisco estimated that 90% of internet traffic was routed through Erlang-controlled nodes. This week, Cisco published a notice informing customers that it is investigating how the vulnerability affects its products.

Cisco is examining several of its products, including routing and network management tools, to determine if they are affected. It has confirmed that products like ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core are impacted.

While ConfD and NSO have the flaw, Cisco pointed out that they are not at risk for remote code execution due to their configuration. Cisco expects to release patches for these issues in May.

Currently, there are no public reports of this vulnerability being exploited in real-world attacks.