Cisco confirms several products affected by RCE flaw

Cisco confirmed that many of its products are affected by a recently discovered Erlang/OTP flaw, which allows for remote code execution. A severe flaw that facilitates device hijacking was found in the SSH implementation of Erlang/OTP, a set of libraries, middleware, and other tools used for developing soft real-time systems that require high availability, such as e-commerce, banking, and communications programs.

The critical vulnerability, tracked as CVE-2025-32433, was found by researchers at Ruhr University Bochum in Germany. The SSH protocol handling flaw allows threat actors to gain access to compromised systems and run arbitrary code without authentication.

The researchers said that exploitation of the weakness can result in full compromise of host systems, which grants unauthorised access and permits third-party manipulation of sensitive data or DoS attacks.

While CVE-2025-32433 was patched in OTP 25.3.2.20, OTP 26.2.5.11 and OTP 27.3.3, previous versions are still vulnerable to exploitation. Following the discovery of the vulnerability, cybersecurity professionals said that it is “easy” to exploit, and a proof-of-concept was made available in less than 24 hours.

Arctic Wolf, a SOC company, also investigated the possible impact of the flaw and observed that, besides Ericsson and Cisco, which use Erlang in many products, companies such as Broadcom, EMQ Technologies, National Instruments, the Apache Software Foundation, Very Technology, and Riak Technologies also use the software. However, products from the other companies require a separate installation of the software.
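An added example, not code from Cisco, Arctic Wolf or the Erlang/OTP project: a Python check that classifies Erlang/OTP version strings against the three fixed releases named above. The inventory and host names are constructed, and reporting release lines newer than 27 as "unknown" is an assumption, since the article does not mention them.

```python
import re

# Fixed releases named in the article, keyed by OTP major release line.
FIXED = {25: (25, 3, 2, 20), 26: (26, 2, 5, 11), 27: (27, 3, 3)}


def parse_otp_version(text):
    """Parse 'OTP 26.2.5.11', 'OTP-27.3.3' or '25.3.2' into a tuple of ints."""
    m = re.fullmatch(r"\s*(?:OTP[-\s]*)?(\d+(?:\.\d+)*)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"not an OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(version, length):
    # Pad with zeros so that 27.3.3 and 27.3.3.0 compare as equal.
    return version + (0,) * (length - len(version))


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_otp_version(text)
    major = version[0]
    if major < min(FIXED):
        return "vulnerable"  # article: previous versions are still vulnerable
    if major not in FIXED:
        return "unknown"     # assumption: newer lines are not covered by the article
    fixed = FIXED[major]
    width = max(len(version), len(fixed))
    return "patched" if _pad(version, width) >= _pad(fixed, width) else "vulnerable"


def triage(inventory):
    """Map each host to a status; unparseable strings need a manual look."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed inventory: host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "broker-01": "OTP 26.2.5.11",
    "broker-02": "OTP 26.2.5",
    "nms-lab": "25.3.2.19",
    "legacy-gw": "OTP-24.3.4.17",
    "build-box": "27.0-rc3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:16} {status}")
```

A "vulnerable" result means the bundled OTP release lacks the fix; actual exposure also depends on product configuration, which is why the article reports ConfD and NSO as not vulnerable to remote code execution.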

Andres Ramos of Arctic Wolf said, “While fixes for Erlang/OTP SSH are now available, the security patch is not automatically applied to software products that use Erlang/OTP SSH.”

Cisco released a security advisory to inform its customers that an investigation of the vulnerability and its impact on the products was underway. The company confirmed that affected products include ConfD, Network Services Orchestrator (NSO), Smart PHY, Intelligent Node Manager, and Ultra Cloud Core. Meanwhile, many routing, switching, network management, network application, and unified computing components are still being investigated.

The company said that patches for ConfD and NSO, which are not vulnerable to remote code execution due to their configuration, are expected to be delivered in May. There have not been any reports of active exploitation of CVE-2025-32433 at the time of writing.

Arun Maity

Arun Maity is a journalist from Kolkata who graduated from the Asian College of Journalism. He has an avid interest in music, videogames and anime. When he's not working, you can find him practicing and recording his drum covers, watching anime or playing games. You can contact him here: arunmaity23@proton.me
