CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation

CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA… Read more → The post CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation appeared first on IT Securi…

CISA Adds Erlang SSH And Roundcube Flaws To Known Exploited Vulnerabilities Catalog - Cybernoz - Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical Source link The post CISA Adds Erlang SSH and Roundcub…

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The US cybersecurity agency CISA has added two critical vulnerabilities to the known exploitation directory: Erlang/OTP SSH server remote code execution vulnerability (CVE-2025-32433) and Roundcube XSS vulnerability (CVE-2024-42009), both of which have been fixed. At the same time, it was found that the WordPress plugin PayU CommercePro has a high-risk account takeover vulnerability (CVE-2025-31022), and users are advised to disable it until it …