Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Erlang/OTP SSH: CVE-2025-32433

Max room.

Learn about and exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup.

easy

30 min

8,581

User profile photo.
User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Erlang and its companion framework, the Open Telecom Platform (OTP), form a powerful ecosystem for building distributed fault-tolerant systems. Erlang is a programming language designed to build scalable real-time systems that require high availability. Originally, Erlang was developed by Ericsson for telecommunication systems; however, it has evolved over the years to become a solution for various distributed computing challenges.

Erlang is used not only by a large number of companies for product development but also by many universities for research and even teaching. You can learn more about Erlang at their official page (opens in new tab).

OTP is a collection of middleware, libraries, and tools written in Erlang. Although the T in OTP stands for Telecom, OTP has evolved into a general-purpose framework for building distributed applications. In general, projects using Erlang are actually using Erlang along with its libraries, i.e., Erlang/OTP.

The Erlang/OTP is an implementation of the protocol as part of the Erlang OTP. It enables secure shell access and secure file transfers within Erlang-based systems. Recently, -2025-32433 (opens in new tab), a critical vulnerability disclosed in the Erlang/OTP implementation that allows unauthenticated remote code execution (). This vulnerability was discovered by researchers from Ruhr University Bochum and has a score of 10.0 (opens in new tab) as it is considered critical.

Answer the questions below

Let’s exploit a vulnerable server in the next task.