Throttling Vulnerability in Erlang OTP SSH Modules Affects Multiple Versions
CVE-2025-48041

7.1 HIGH

Key Information:

Vendor

Erlang

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-48041?

A vulnerability in how the Erlang OTP ssh_sftp modules allocate resources may lead to excessive resource consumption and potential flooding attacks. Affected versions span from Erlang OTP 17.0 through 28.0.3, and specific patches address the issue. System administrators should upgrade to the latest versions to mitigate this risk.

Affected Version(s)

OTP pkg:otp/[email protected]

OTP 17.0

OTP 07b8f441ca711f9812fad9e9115bab3c3aa92f79

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Witczak
Ingela Andin