Resource Leak Exposure in Erlang OTP SSH Modules from Erlang Solutions
CVE-2025-48038

5.3MEDIUM

Key Information:

Vendor: Erlang
Status: Otp
Vendor: CVE Published:; 11 September 2025

🔔 Create Erlang Vulnerability Alert

What is CVE-2025-48038?

A vulnerability in the SSH SFTP modules of Erlang OTP allows for an allocation of resources without proper limits, leading to a potential resource leak. This issue impacts users from OTP versions 17.0 to 28.0.3 and specific versions of the SSH library, posing risks to system stability through excessive resource consumption.

Affected Version(s)

OTP pkg:otp/[email protected]

OTP 17.0

OTP 07b8f441ca711f9812fad9e9115bab3c3aa92f79

References

https://github.com/erlang/otp/security/advisories/GHSA-pv...

vendor-advisory

https://www.erlang.org/doc/system/versions.html#order-of-...

x_version-scheme

https://github.com/erlang/otp/pull/10156

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
May 15, 2025

Credit

Jakub Witczak

Ingela Andin

.