Erlang security advisory (AV25-232)

Serial number: AV25-232
Date: April 24, 2025

On April 16, 2025, Erlang published a security advisory to address a critical vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following products:

• OTP – versions OTP-27.3.2 and prior
• OTP – versions OTP-26.2.5.10 and prior
• OTP – versions OTP-25.3.2.19 and prior

This vulnerability allows unauthenticated RCE.

Open-source reporting has indicated that CVE-2025-32433 may have been exploited.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Unauthenticated Remote Code Execution in Erlang/OTP SSH