Details of VAR-202504-1178

ID

VAR-202504-1178

CVE

CVE-2025-32433

TITLE

ERLANG of Erlang/OTP Vulnerabilities related to lack of authentication for important functions in products from multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2025-006839

DESCRIPTION

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules. ERLANG of Erlang/OTP Products from multiple vendors such as these contain vulnerabilities related to the lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-32433 // JVNDB: JVNDB-2025-006839

AFFECTED PRODUCTS

vendor:	cisco	model:	confd basic	scope:	lt	version:	8.1.16.2	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	6.4	Trust: 1.0
vendor:	erlang	model:	erlang\/otp	scope:	lt	version:	27.3.3	Trust: 1.0
vendor:	cisco	model:	ultra packet core	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.7.19.1	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	lt	version:	8.4.4.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	6.4.4.1	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	lt	version:	8.2.11.1	Trust: 1.0
vendor:	erlang	model:	erlang\/otp	scope:	gte	version:	27.0	Trust: 1.0
vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	lt	version:	4.18	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	lt	version:	25.2	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	lt	version:	8.3.8.1	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	gte	version:	8.3	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	gte	version:	8.2	Trust: 1.0
vendor:	erlang	model:	erlang\/otp	scope:	gte	version:	26.0	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.8	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	6.1.16.2	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	6.3.8.1	Trust: 1.0
vendor:	cisco	model:	inode manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ultra cloud core	scope:	lt	version:	2025.03.1	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	6.4.1.1	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	staros	scope:	eq	version:	*	Trust: 1.0
vendor:	erlang	model:	erlang\/otp	scope:	lt	version:	25.3.2.20	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	gte	version:	8.4	Trust: 1.0
vendor:	cisco	model:	optical site manager	scope:	lt	version:	25.2.1	Trust: 1.0
vendor:	cisco	model:	ncs 2000 shelf virtualization orchestrator	scope:	lt	version:	25.1.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	6.2.11.1	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	6.3	Trust: 1.0
vendor:	cisco	model:	ultra services platform	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	gte	version:	8.0.18	Trust: 1.0
vendor:	cisco	model:	confd basic	scope:	lt	version:	7.7.19.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	6.4.2	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	6.2	Trust: 1.0
vendor:	erlang	model:	erlang\/otp	scope:	lt	version:	26.2.5.11	Trust: 1.0
vendor:	cisco	model:	cloud native broadband network gateway	scope:	lt	version:	2025.03.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ultra cloud core	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv160 vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco enterprise nfv infrastructure software	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco intelligent node manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	confd basic	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ultra packet core	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco cloud native broadband network gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco optical site manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ultra services platform	scope:	-	version:	-	Trust: 0.8
vendor:	erlang	model:	erlang/otp	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco network services orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ncs 2000 shelf virtualization orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco staros	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260 vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco smart phy	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv160w wireless-ac vpn ルータ	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-006839 // NVD: CVE-2025-32433

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com:	CVE-2025-32433
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-006839
value:	CRITICAL
Trust: 0.8

security-advisories@github.com:	CVE-2025-32433
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-006839
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-006839 // NVD: CVE-2025-32433

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006839 // NVD: CVE-2025-32433

PATCH

title:

Top Page

url:

https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f

Trust: 0.8

sources: JVNDB: JVNDB-2025-006839

EXTERNAL IDS

db:	NVD	id:	CVE-2025-32433	Trust: 2.6
db:	OPENWALL	id:	OSS-SECURITY/2025/04/16/2	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2025/04/18/1	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2025/04/19/1	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2025/04/18/6	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2025/04/18/2	Trust: 1.8
db:	ICS CERT	id:	ICSA-25-140-07	Trust: 0.8
db:	JVN	id:	JVNVU96418823	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-006839	Trust: 0.8

sources: JVNDB: JVNDB-2025-006839 // NVD: CVE-2025-32433

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2025/04/16/2	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2025/04/18/1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2025/04/18/2	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2025/04/18/6	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2025/04/19/1	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20250425-0001/	Trust: 1.8
url:	https://github.com/prodefense/cve-2025-32433/blob/main/cve-2025-32433.py	Trust: 1.8
url:	https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f	Trust: 1.0
url:	https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12	Trust: 1.0
url:	https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891	Trust: 1.0
url:	https://github.com/erlang/otp/security/advisories/ghsa-37cp-fgq5-7wc2	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu96418823/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-32433	Trust: 0.8
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-07	Trust: 0.8

sources: JVNDB: JVNDB-2025-006839 // NVD: CVE-2025-32433

SOURCES

db:	JVNDB	id:	JVNDB-2025-006839
db:	NVD	id:	CVE-2025-32433

LAST UPDATE DATE

2025-06-13T23:00:28.410000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-006839	date:	2025-06-13T05:39:00
db:	NVD	id:	CVE-2025-32433	date:	2025-06-12T16:05:19.650

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-006839	date:	2025-06-13T00:00:00
db:	NVD	id:	CVE-2025-32433	date:	2025-04-16T22:15:14.373