Resource Leak Vulnerability in Erlang OTP SFTP Modules
CVE-2025-48039

5.3 MEDIUM

Key Information:

Vendor: Erlang

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-48039?

A resource leak vulnerability has been identified in Erlang OTP, specifically within the ssh_sftp modules. The flaw allows excessive resource allocation, which can lead to resource leaks and resource exhaustion. This can degrade system stability and performance, so users running affected versions, from OTP 17.0 up to 28.0.3, should apply the necessary patches to mitigate the risk.

Affected Version(s)

OTP pkg:otp/[email protected]

OTP 17.0

OTP 07b8f441ca711f9812fad9e9115bab3c3aa92f79

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Witczak
Ingela Andin