
Hackers exploit unpatched Erlang/OTP to crack OT firewalls

Geographically, the exploitation footprint spanned Japan, the US, the Netherlands, Ireland, Brazil, and Ecuador, with some areas seeing 100% of detected attacks targeting OT environments.

“The actual hazard with CVE-2025-32433 is that it’s not simply an IT vulnerability: it’s disproportionately affecting operational know-how (OT) networks, and it’s already actively exhibiting up in programs tied to important infrastructure,” stated April Lenhard, principal product supervisor at Qualys. “Most identified compromises contain OT property that management bodily processes like robotics, pumps, valves, and even security programs. Exploitation might alter sensor readings, set off outages, introduce security dangers, and trigger bodily injury.”

Flawed SSH logic led to RCE

The root of the issue lies in Erlang/OTP’s SSH daemon improperly processing certain Secure Shell (SSH) protocol messages, such as ‘SSH_MSG_CHANNEL_OPEN’ and ‘SSH_MSG_CHANNEL_REQUEST’, before authentication completes. Under normal conditions, such messages must be rejected until valid credentials have been confirmed. Instead, OTP’s SSH server treats them as legitimate, enabling unauthenticated remote code execution.
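The ordering rule described above can be checked in captured traffic or enforced in a protocol gateway. The following is an added example, not code from the article or from Erlang/OTP: it parses unencrypted SSH binary packets and flags client connection-protocol messages that arrive before the server has sent SSH_MSG_USERAUTH_SUCCESS. The message numbers come from the SSH RFCs; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Message numbers: RFC 4252 (userauth) and RFC 4254 (connection protocol).
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
CONNECTION_PROTOCOL = range(80, 128)  # only valid after authentication


def parse_cleartext_packets(buf):
    """Yield each payload from a run of unencrypted SSH binary packets.

    RFC 4253 section 6 layout: uint32 packet_length, byte padding_length,
    payload, padding. No MAC is present before keys are in use.
    """
    offset = 0
    while offset + 5 <= len(buf):
        packet_length, padding_length = struct.unpack_from(">IB", buf, offset)
        end = offset + 4 + packet_length
        payload_len = packet_length - padding_length - 1
        if payload_len < 1 or end > len(buf):
            raise ValueError("malformed or truncated packet at offset %d" % offset)
        yield buf[offset + 5:offset + 5 + payload_len]
        offset = end


def preauth_violations(events):
    """events: (direction, payload) pairs, direction is 'c2s' or 's2c'.

    Returns the message numbers of client connection-protocol messages
    seen before the server sent SSH_MSG_USERAUTH_SUCCESS.
    """
    authenticated = False
    violations = []
    for direction, payload in events:
        msg = payload[0]
        if direction == "s2c" and msg == SSH_MSG_USERAUTH_SUCCESS:
            authenticated = True
        elif direction == "c2s" and msg in CONNECTION_PROTOCOL and not authenticated:
            violations.append(msg)
    return violations


def frame(payload, block=8):
    """Sample-data helper: wrap a payload in cleartext framing, zero padding."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:  # RFC 4253 requires at least 4 bytes of padding
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad


# Constructed client-to-server capture: KEXINIT (20), then two channel messages.
SAMPLE_C2S = (frame(bytes([20]) + b"\x00" * 16)
              + frame(bytes([SSH_MSG_CHANNEL_OPEN]) + b"demo")
              + frame(bytes([SSH_MSG_CHANNEL_REQUEST]) + b"demo"))
```

A server-side gate applies the same test before dispatching a message: anything in the 80 to 127 range received while the session is unauthenticated is rejected and the connection closed.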
