What the Critical Erlang SSH Vulnerability Means for Elixir Developers
2 days ago
- #SSH
- #Security
- #Erlang
- CVE-2025-32433: unauthenticated remote code execution (RCE) in the Erlang/OTP SSH server. The server handled SSH connection-protocol messages (channel open and channel requests such as exec) before authentication had completed, so anyone who can reach the port can run code as the user the Erlang node runs as, with no credentials.
- Affects every Erlang/OTP release before the fixed versions listed below; there is no older version that is safe.
- Critical severity (CVSS 10/10). Exploitation needs only network access to the Erlang SSH port: a daemon exposed to the public internet is the worst case, but any reachable untrusted network counts.
- Patched versions: OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20 (or later on each line). Upgrade, or stop the daemon until you can.
- Most Elixir/Phoenix applications are not affected by default: a standard Phoenix release does not start the ssh OTP application or call :ssh.daemon/2, and the OpenSSH server on the host is a separate program that this CVE does not touch. You are exposed only if you added an Erlang SSH daemon yourself, for example for remote IEx access.
- Nerves/IoT devices run the Erlang SSH daemon (via nerves_ssh) and are vulnerable if that port is reachable from the internet or any other untrusted network; they are safe if SSH is off or reachable only through a VPN or other tunnel.
- Check exposure with Shodan or nmap -sV: the Erlang daemon identifies itself with the banner SSH-2.0-Erlang/<version>, where the version is that of the ssh application, not the OTP release, so map it to an OTP version before deciding whether a host is patched.
- PaaS providers (Gigalixir, Fly.io, Heroku) route inbound traffic through their own front ends, so a daemon inside the app is not reachable from outside unless you have explicitly published that port; confirm nothing in your service configuration does.
- Paraxial.io customers can use the Network Scans feature to check SSH versions automatically.
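The banner check described above, as an added example (this is not code from the original post or from Paraxial.io). It grabs the SSH identification line, recognises Erlang's SSH-2.0-Erlang/<version> banner and compares the ssh application version with a minimum fixed version per release line. The FIXED_SSH_APP table and the client identification string are assumptions made for this example: fill the table from the official OTP advisory for CVE-2025-32433 before trusting an "erlang-patched" verdict, and treat "erlang-unknown-line" as "review by hand".

```python
"""Triage helper for CVE-2025-32433: find Erlang/OTP SSH daemons by banner."""
import re
import socket

# Banner format of Erlang's ssh application. The number is the ssh *application*
# version, not the OTP release number.
ERLANG_BANNER = re.compile(r"^SSH-2\.0-Erlang/(\d+(?:\.\d+)*)")

# (major, minor) release line of the ssh app -> first fixed ssh app version.
# Assumed values for this example; verify against the official OTP advisory.
FIXED_SSH_APP = {
    (5, 2): (5, 2, 10),
}


def parse_banner(line):
    """Return the Erlang ssh app version as a tuple, or None if not an Erlang banner."""
    m = ERLANG_BANNER.match(line.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(banner, fixed=FIXED_SSH_APP):
    """One of: not-erlang, erlang-unknown-line, erlang-vulnerable, erlang-patched."""
    ver = parse_banner(banner)
    if ver is None:
        return "not-erlang"
    minimum = fixed.get(ver[:2])
    if minimum is None:
        return "erlang-unknown-line"  # Erlang, but no reference version: review by hand
    return "erlang-patched" if ver >= minimum else "erlang-vulnerable"


def read_id_line(sock, limit=4096):
    """Read until the server's identification line. RFC 4253 section 4.2 allows
    servers to send other text lines before the SSH- line, so skip those."""
    buf = b""
    while len(buf) < limit:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
        *complete, buf = buf.split(b"\n")  # keep the trailing partial line
        for raw in complete:
            line = raw.rstrip(b"\r").decode("ascii", "replace")
            if line.startswith("SSH-"):
                return line
    # Server closed without a newline; accept a bare identification line.
    line = buf.rstrip(b"\r").decode("ascii", "replace")
    return line if line.startswith("SSH-") else ""


def grab_banner(host, port=22, timeout=5.0):
    """Connect, send our own identification first (permitted by RFC 4253),
    and return the server's identification line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"SSH-2.0-cve_2025_32433_check\r\n")  # assumed client ID string
        return read_id_line(sock)


def scan(targets):
    """targets: iterable of (host, port). Returns {(host, port): (banner, verdict)}."""
    results = {}
    for host, port in targets:
        try:
            banner = grab_banner(host, port)
        except OSError as exc:
            results[(host, port)] = ("", f"error: {exc}")
            continue
        results[(host, port)] = (banner, classify(banner))
    return results


if __name__ == "__main__":
    # Constructed banners for an offline demo; use scan([("host", 22)]) on real targets.
    for sample in ("SSH-2.0-Erlang/5.2.9", "SSH-2.0-Erlang/5.2.10",
                   "SSH-2.0-OpenSSH_9.6", "SSH-2.0-Erlang/4.15.3"):
        print(f"{sample:28} -> {classify(sample)}")
```

Run it against every port your Erlang nodes listen on, not just 22: Nerves and remote-IEx setups often put the daemon elsewhere. A non-Erlang banner only proves that the first thing answering on that port is not the Erlang daemon; a jump host or proxy in front of it still needs to be checked from the inside.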