As cybersecurity agencies routinely monitor emerging threats, the Cybersecurity and Infrastructure Security Agency’s recent addition of two critical vulnerabilities to its Known Exploited Vulnerabilities Catalog signals an immediate and substantial risk to enterprise security infrastructure. On June 9, 2025, CISA incorporated CVE-2025-32433 and CVE-2024-42009 into its KEV Catalog following confirmed evidence of active exploitation targeting Erlang/OTP SSH servers and RoundCube Webmail systems.
The Erlang SSH vulnerability, designated CVE-2025-32433, is a missing-authentication flaw in the Erlang/OTP SSH server carrying a critical CVSS score of 10.0. Because the server processes SSH protocol messages sent before authentication has completed, an attacker can execute arbitrary commands without valid credentials. The vulnerability, disclosed on April 16, 2025, affects systems whose SSH daemon runs with elevated privileges, potentially resulting in complete system compromise.
Security researchers developed functional exploits within 24 hours of disclosure, and proof-of-concept code was subsequently published on GitHub, accelerating widespread exploitation.
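As an added illustration of the detection logic a defender could apply to the pre-authentication message ordering described above (example code written for this page, not from CISA, Erlang/OTP or any vendor named here; it assumes SSH message numbers have already been decoded from a capture into (direction, number) pairs, and the sample sessions are constructed):

```python
# Flag SSH sessions in which connection-protocol messages (channel open, channel
# request) arrive from the client before the server has sent USERAUTH_SUCCESS.
# That ordering is what a pre-authentication bypass would produce on the wire.
from dataclasses import dataclass, field

# Message numbers from RFC 4250 section 4.1.2; assumed decoded by a capture tool.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
# 80-127 are reserved for the SSH connection protocol (RFC 4250 section 4.1.2).
CONNECTION_PROTOCOL_RANGE = range(80, 128)


@dataclass
class SessionState:
    authenticated: bool = False
    findings: list = field(default_factory=list)  # (index, message number)


def analyse_session(messages):
    """messages: sequence of (direction, msg_number) in wire order, where
    direction is 'c2s' (client to server) or 's2c' (server to client).
    Returns the list of client connection-protocol messages seen before
    the server reported successful authentication."""
    state = SessionState()
    for idx, (direction, msg) in enumerate(messages):
        if direction == "s2c" and msg == SSH_MSG_USERAUTH_SUCCESS:
            state.authenticated = True
        elif (direction == "c2s" and msg in CONNECTION_PROTOCOL_RANGE
              and not state.authenticated):
            state.findings.append((idx, msg))
    return state.findings


# Constructed sample sessions (not captured traffic).
BENIGN_SESSION = [
    ("c2s", SSH_MSG_USERAUTH_REQUEST),
    ("s2c", SSH_MSG_USERAUTH_SUCCESS),
    ("c2s", SSH_MSG_CHANNEL_OPEN),
    ("c2s", SSH_MSG_CHANNEL_REQUEST),
]
SUSPICIOUS_SESSION = [
    ("c2s", SSH_MSG_USERAUTH_REQUEST),
    ("c2s", SSH_MSG_CHANNEL_OPEN),      # channel opened with no auth success
    ("c2s", SSH_MSG_CHANNEL_REQUEST),   # request issued with no auth success
]

if __name__ == "__main__":
    print("benign:", analyse_session(BENIGN_SESSION))
    print("suspicious:", analyse_session(SUSPICIOUS_SESSION))
```

A session that yields findings is worth correlating with the daemon's own logs and the patch status of the host, since a compliant client never sends channel messages before authentication succeeds.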
CVE-2024-42009 affects RoundCube Webmail installations through a cross-site scripting vulnerability with a 9.3 CVSS score. Remote attackers exploit a desanitization issue in program/actions/mail/show.php to steal and exfiltrate victim emails via crafted messages. Security analysts have tentatively linked exploitation of this vulnerability to APT28, a Russia-linked threat actor historically focused on governmental targets. The flaw was patched in August 2024 in versions 1.6.8 and 1.5.8.
Federal agencies face mandatory remediation requirements under Binding Operational Directive 22-01, which establishes specific timelines for addressing KEV-listed vulnerabilities. Federal Civilian Executive Branch organizations must prioritize these patches to maintain compliance with cybersecurity directives designed to protect government networks against active threats.
Organizations operating affected systems face risks beyond data breaches, including unauthorized access to sensitive information, manipulation of system resources, and denial-of-service attacks. Systems running Erlang/OTP SSH implementations should be treated as potentially compromised until remediation is complete. Multiple Cisco products that use Erlang/OTP components remain vulnerable to this critical authentication bypass flaw. Third-party software vendors such as Ericsson, National Instruments, Broadcom, and the Apache Software Foundation have not automatically applied security patches to their Erlang/OTP SSH-dependent products.
The rapid exploit development timeline, combined with confirmed active exploitation, necessitates immediate assessment and patching procedures across enterprise environments to prevent unauthorized network access and potential lateral movement by malicious actors.