Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025

cisco-sa-erlang-otp-ssh-xyZZy · Critical · Published · Updated

On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an affected device. The vulnerability is due to a flaw in the handling of SSH messages during the authentication phase. For a description of this vulnerability, see the Erlang announcement. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy

Cisco advisory · CSAF JSON

Workarounds

Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products section of this advisory.

CVEs: CVE-2025-32433
Cisco Bug IDs: NA
CVSS Score: Base 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source
Cisco Small Business RV Series Router Firmware, Cisco Secure Web Appliance, Cisco ASR 5000 Series Software, Cisco Network Services Orchestrator, Cisco Enterprise NFV Infrastructure Software, Cisco Cloud Native Broadband Router, Cisco ConfD, Cisco Redundancy Configuration Manager, Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure, Cisco Ultra Gateway Platform, Cisco Smart PHY, Cisco Intelligent Node Manager, Cisco Ultra Cloud Core - Policy Control Function, Cisco Ultra Cloud Core - Session Management Function, Cisco Automated Fault Management

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Ultra Gateway Platform | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Ultra Cloud Core - Session Management Function | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Ultra Cloud Core - Policy Control Function | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Smart PHY | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Small Business RV Series Router Firmware | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Secure Web Appliance | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Redundancy Configuration Manager | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Network Services Orchestrator | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Intelligent Node Manager | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Enterprise NFV Infrastructure Software | CVE-2025-32433 | Cisco OpenVuln |
| Cisco ConfD | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Cloud Native Broadband Router | CVE-2025-32433 | Cisco OpenVuln |
| Cisco Automated Fault Management | CVE-2025-32433 | Cisco OpenVuln |
| Cisco ASR 5000 Series Software | CVE-2025-32433 | Cisco OpenVuln |