Resource Consumption Vulnerability in Erlang OTP SSH Modules
CVE-2025-48040

6.9MEDIUM

Key Information:

Vendor

Erlang

Status
Otp
Vendor
CVE Published:
11 September 2025

What is CVE-2025-48040?

The vulnerability presents a risk of uncontrolled resource consumption within Erlang OTP's SSH module, specifically affecting the ssh_sftp files. It can lead to excessive resource allocation or flooding, potentially exhausting system resources and causing performance degradation. Versions from OTP 17.0 up through 28.0.3, including specific releases of OTP 27.3.4.3 and 26.2.5.15 are vulnerable. Users are advised to review the provided patches and upgrade their systems to safeguard against potential exploitation.

Affected Version(s)

OTP pkg:otp/[email protected]

OTP 17.0

OTP 07b8f441ca711f9812fad9e9115bab3c3aa92f79

References

https://github.com/erlang/otp/security/advisories/GHSA-h7...
vendor-advisory
https://www.erlang.org/doc/system/versions.html#order-of-...
x_version-scheme
https://github.com/erlang/otp/pull/10162
patch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Witczak
Ingela Andin
.
CVE-2025-48040 : Resource Consumption Vulnerability in Erlang OTP SSH Modules