Erlang/OTP 25.3.2.20

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:25.3.2.20
Erlang/OTP 25.3.2.20
View on github.com
Patch Package OTP 25.3.2.20
Git Tag OTP-25.3.2.20
Date 2025-04-16
Issue Id
CVE-2025-32433
System OTP
Release 25
Application

ssh-4.15.3.12 #

The ssh-4.15.3.12 application can be applied independently of other applications on a full OTP 25 installation.

OTP-19582
Application(s):
ssh
Related Id(s):
PR-9679

Reception of wrong Unicode does not cause unnecessary processing. US-ASCII fields are not decoded as Unicode.

OTP-19595
Application(s):
ssh
Related Id(s):
CVE-2025-32433

SSH daemon disconnects upon receiving connection protocol message for unauthenticated used.

Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola, Jörg Schwenk (Ruhr University Bochum).

Full runtime dependencies of ssh-4.15.3.12: crypto-5.0, erts-11.0, kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15