Advanced

Remote Code Execution in Erlang: What You Should Know

CVE-2025-32433 is a maximum-severity (CVSS 10.0), unauthenticated, pre-authentication remote code execution vulnerability in the SSH daemon bundled with Erlang/OTP. The flaw stems from in...

Erlang is a functional, dynamically typed programming language created at Ericsson in the late 1980s. It was designed from the outset to build highly available telecom switches, and its runtime model reflects that goal: lightweight processes, message passing, and "let it crash" fault isolation.

OTP (Open Telecom Platform) originally referred to a specific product built on top of Erlang, but the name is now used far more broadly. Today "OTP" encompasses the entire Erlang ecosystem: the language itself, plus a standard library and a set of design principles for building fault-tolerant systems. Under the OTP model, a crash in one component is isolated from the rest of the system and automatically restarted by a supervising process, rather than bringing down the whole application.

Because of this heritage, Erlang/OTP is rarely something engineering teams think about day-to-day, yet it quietly powers a significant amount of production infrastructure — often underneath application code rather than as a visible dependency.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The Erlang/OTP SSH Remote Code Execution Vulnerability
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.