CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation
ID: 97053747-0a63-5f94-a76d-de2c3485a036
STIX ID: report--97053747-0a63-5f94-a76d-de2c3485a036
Feed Name: Cybereason Blog
A critical unauthenticated remote code execution vulnerability (CVE-2025-32433, CVSS 10.0) was disclosed in the Erlang/OTP SSH server that lets attackers send out-of-order SSH messages during the handshake to execute arbitrary commands with the SSH daemon's privileges. Public PoCs appeared quickly, the flaw affects any product embedding OTP's SSH (telecom gear, IoT, RabbitMQ, etc.), and immediate patching or disabling/restricting the OTP SSH service is strongly recommended to prevent full system compromise and likely mass exploitation.
