
CISA Updates Known Exploited Vulnerabilities Catalog with Erlang SSH and Roundcube Flaws


TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-32433, an unauthenticated remote code execution flaw in the SSH server shipped with Erlang/Open Telecom Platform (OTP), and CVE-2024-42009, a cross-site scripting flaw in Roundcube Webmail. Both are being exploited in the wild, so anything running an affected release should be patched without waiting for a regular maintenance window.

CISA Adds Critical Security Flaws to Known Exploited Vulnerabilities Catalog

On Monday, June 9, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. One affects the SSH server implemented in Erlang/Open Telecom Platform (OTP), the other the Roundcube Webmail client. CISA lists a flaw in KEV only when it has evidence of active exploitation, and that is the case for both.[1]

Vulnerabilities Overview

The vulnerabilities in question are:

  • CVE-2025-32433 (CVSS score: 10.0): Missing authentication for a critical function in the Erlang/OTP SSH server (the ssh application). The server accepts SSH connection-protocol messages, such as channel-open and exec requests, before user authentication has completed, so an unauthenticated client can execute commands with the privileges of the SSH daemon. Fixed in OTP 27.3.3, 26.2.5.11 and 25.3.2.20. Palo Alto Networks Unit 42 reported in May 2025 that most exploitation attempts it observed targeted firewalls in operational technology (OT) networks.
  • CVE-2024-42009 (CVSS score: 9.3): Cross-site scripting (XSS) in Roundcube Webmail. A specially crafted email message slips script past the HTML sanitizer, so merely opening the message runs attacker-controlled JavaScript in the victim's webmail session, which can then read and send mail on the victim's behalf. Fixed in Roundcube 1.6.8 and 1.5.8 (August 2024); ESET reported in May 2025 that the Russia-aligned APT28 group exploited it against webmail servers in a campaign it calls Operation RoundPress.

Inclusion in the KEV catalog obliges U.S. Federal Civilian Executive Branch agencies to remediate by the listed due date (June 30, 2025 for both entries). For everyone else the catalog is a prioritization signal: a KEV entry means exploitation has already been observed, so these two flaws belong at the top of the patch queue. Note that the Roundcube fix has been available since August 2024; the exploitation that put it into KEV hit installations that had simply not been updated.
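Turning a KEV addition into a list of hosts to fix is mostly a version-comparison problem. The following Python script is an added example for this post, not code from CISA, Erlang/OTP or Roundcube: it reads a KEV-shaped feed excerpt, maps each entry onto an asset inventory and flags every installation that is below the fixed release on its maintenance line. The feed excerpt and the inventory are constructed; the field names follow CISA's published JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), the fixed releases are those from the vendor advisories above, and the rule that a release line newer than the newest fixed line counts as fixed is an assumption marked in the code.

```python
"""Triage a CISA KEV feed excerpt against an asset inventory by version.

Added example for this post, not code from CISA, Erlang/OTP or Roundcube.
The feed excerpt and inventory below are constructed; the feed field names
match CISA's JSON feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
and the fixed releases are those named in the vendor advisories.
"""
import json
import re

# Constructed excerpt in the shape of the real KEV feed (abbreviated fields).
KEV_FEED = json.loads("""
{
  "vulnerabilities": [
    {"cveID": "CVE-2025-32433", "vendorProject": "Erlang", "product": "Erlang/OTP",
     "dateAdded": "2025-06-09", "dueDate": "2025-06-30"},
    {"cveID": "CVE-2024-42009", "vendorProject": "RoundCube", "product": "Webmail",
     "dateAdded": "2025-06-09", "dueDate": "2025-06-30"}
  ]
}
""")

# KEV naming is not normalized, so map (vendorProject, product) from the feed
# onto the product names used in the inventory. This table is maintained by hand.
KEV_TO_INVENTORY = {
    ("Erlang", "Erlang/OTP"): "Erlang/OTP",
    ("RoundCube", "Webmail"): "Roundcube",
}

# Fixed release per maintenance line, from the vendor advisories.
# The integer is how many leading version components identify a line:
# Erlang/OTP lines are per major (25, 26, 27), Roundcube lines are major.minor.
FIXED_RELEASES = {
    "Erlang/OTP": (1, ["25.3.2.20", "26.2.5.11", "27.3.3"]),
    "Roundcube": (2, ["1.5.8", "1.6.8"]),
}

# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("ot-fw-01", "Erlang/OTP", "26.2.5"),
    ("rabbitmq-02", "Erlang/OTP", "27.3.3"),
    ("mail-01", "Roundcube", "1.6.7"),
    ("mail-02", "Roundcube", "1.5.8"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """'26.2.5.11' -> (26, 2, 5, 11). Integer tuples compare correctly
    ('1.6.10' > '1.6.8'), which plain string comparison gets wrong."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_fixed(product: str, version: str) -> bool:
    """True if `version` of `product` is at or past the fixed release on its line."""
    line_len, fixes = FIXED_RELEASES[product]
    installed = parse_version(version)
    fix_by_line = {parse_version(f)[:line_len]: parse_version(f) for f in fixes}
    line = installed[:line_len]
    if line in fix_by_line:
        # A shorter version ('26.2.5') sorts below its patched successor ('26.2.5.11').
        return installed >= fix_by_line[line]
    # Assumption: a line newer than the newest fixed line was cut after the fix.
    # An older line (e.g. OTP 24, Roundcube 1.4) has no fixed release and is
    # treated as affected rather than silently skipped.
    return line > max(fix_by_line)


def triage(feed: dict, inventory: list) -> list[tuple[str, str, str]]:
    """Return (host, cveID, dueDate) for each asset on an affected version of a KEV-listed product."""
    findings = []
    for entry in feed["vulnerabilities"]:
        product = KEV_TO_INVENTORY.get((entry["vendorProject"], entry["product"]))
        if product is None:
            continue  # product not tracked in this inventory
        for host, inv_product, version in inventory:
            if inv_product == product and not is_fixed(product, version):
                findings.append((host, entry["cveID"], entry["dueDate"]))
    return findings


if __name__ == "__main__":
    for host, cve, due in triage(KEV_FEED, INVENTORY):
        print(f"{host}: {cve} affected, KEV due date {due}")
```

Two caveats when running this against a real inventory. Distribution packages (Debian, RHEL and their derivatives) often backport security fixes while keeping the upstream version string, so a version-only check overstates exposure there and the package changelog is the authority. And for Erlang/OTP the vulnerable code is only reachable if the product actually starts OTP's ssh daemon; since that decision is buried inside vendor appliances and brokers built on OTP, inventorying by OTP version, as above, is the conservative choice, with the reachability question answered afterwards per host.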

Further technical detail and mitigation guidance are in the cited article.[1]

Conclusion

These two entries illustrate two recurring failure modes. The Erlang/OTP flaw sits in a component most operators never think of as "an SSH server": OTP's ssh application is embedded in telecom and OT equipment and in products built on the Erlang runtime, so exposure has to be established from the OTP version in use, not from a list of hosts known to run SSH. The Roundcube flaw had a fix available for nearly a year before it reached the KEV catalog, which is the usual way a webmail XSS ends up in an espionage campaign. Organizations should inventory both products now, apply the fixed releases listed above, and treat future KEV additions as a signal that exploitation is already under way.

  1. The Hacker News (2025). “CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog”. The Hacker News. Retrieved 2025-06-10.

This post is licensed under CC BY 4.0 by the author.