Search criteria
9 vulnerabilities
CVE-2025-48044 (GCVE-0-2025-48044)
Vulnerability from cvelistv5 – Published: 2025-10-17 13:52 – Updated: 2025-10-21 03:28
VLAI?
Summary
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2.
This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ash-project | ash |
Affected:
pkg:hex/ash@3.6.3 , < pkg:hex/ash@3.7.1
(purl)
Affected: 3.6.3 , < 3.7.1 (semver) Affected: 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 , < 8b83efa225f657bfc3656ad8ee8485f9b2de923d (git) cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:* |
Credits
Jechol Lee
Jechol Lee
Jonatan Männchen
Zach Daniel
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:42:50.579615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:42:54.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ash-project/ash/security/advisories/GHSA-pcxq-fjp3-r752"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"packageName": "ash",
"product": "ash",
"programFiles": [
"lib/ash/policy/policy.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Ash.Policy.Policy\u0027:expression/2"
}
],
"repo": "https://github.com/ash-project/ash",
"vendor": "ash-project",
"versions": [
{
"lessThan": "pkg:hex/ash@3.7.1",
"status": "affected",
"version": "pkg:hex/ash@3.6.3",
"versionType": "purl"
},
{
"lessThan": "3.7.1",
"status": "affected",
"version": "3.6.3",
"versionType": "semver"
},
{
"lessThan": "8b83efa225f657bfc3656ad8ee8485f9b2de923d",
"status": "affected",
"version": "79749c2685ea031ebb2de8cf60cc5edced6a8dd0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.1",
"versionStartIncluding": "3.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jechol Lee"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jechol Lee"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zach Daniel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/policy/policy.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Policy.Policy\u0027:expression/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines \u0027Elixir.Ash.Policy.Policy\u0027:expression/2.\n\nThis issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T03:28:19.832Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ash-project/ash/security/advisories/GHSA-pcxq-fjp3-r752"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ash-project/ash/commit/8b83efa225f657bfc3656ad8ee8485f9b2de923d"
}
],
"source": {
"discovery": "USER"
},
"title": "Authorization bypass when bypass policy condition evaluates to true",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48044",
"datePublished": "2025-10-17T13:52:53.644Z",
"dateReserved": "2025-05-15T08:40:25.455Z",
"dateUpdated": "2025-10-21T03:28:19.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48043 (GCVE-0-2025-48043)
Vulnerability from cvelistv5 – Published: 2025-10-10 15:57 – Updated: 2025-10-11 03:18
VLAI?
Summary
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2.
This issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ash-project | ash |
Affected:
pkg:hex/ash@0 , < pkg:hex/ash@3.6.2
(purl)
Affected: 0 , < 3.6.2 (semver) Affected: 0 , < 66d81300065b970da0d2f4528354835d2418c7ae (git) cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:* |
Credits
Zach Daniel
Jonatan Männchen
Jonatan Männchen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T16:33:21.270063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T16:45:42.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"packageName": "ash",
"product": "ash",
"programFiles": [
"lib/ash/policy/authorizer/authorizer.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2"
}
],
"repo": "https://github.com/ash-project/ash",
"vendor": "ash-project",
"versions": [
{
"lessThan": "pkg:hex/ash@3.6.2",
"status": "affected",
"version": "pkg:hex/ash@0",
"versionType": "purl"
},
{
"lessThan": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "66d81300065b970da0d2f4528354835d2418c7ae",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zach Daniel"
},
{
"lang": "en",
"type": "reporter",
"value": "Jonatan M\u00e4nnchen"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jonatan M\u00e4nnchen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/policy/authorizer/authorizer.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines \u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2.\n\nThis issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-11T03:18:31.221Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ash-project/ash/security/advisories/GHSA-7r7f-9xpj-jmr7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ash-project/ash/commit/66d81300065b970da0d2f4528354835d2418c7ae"
}
],
"source": {
"discovery": "USER"
},
"title": "Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48043",
"datePublished": "2025-10-10T15:57:29.225Z",
"dateReserved": "2025-05-15T08:40:25.455Z",
"dateUpdated": "2025-10-11T03:18:31.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48041 (GCVE-0-2025-48041)
Vulnerability from cvelistv5 – Published: 2025-09-11 08:14 – Updated: 2025-09-12 03:19
VLAI?
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Jakub Witczak
Ingela Andin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T13:30:20.449625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:36:24.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_sftp"
],
"packageName": "ssh",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_sftpd.erl"
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/ssh@5.3.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.2.11.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.1.4.12",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/ssh@*",
"status": "affected",
"version": "pkg:otp/ssh@3.0.1",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.3",
"status": "unaffected"
},
{
"at": "27.3.4.3",
"status": "unaffected"
},
{
"at": "26.2.5.15",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "5f9af63eec4657a37663828d206517828cb9f288",
"status": "unaffected"
},
{
"at": "d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.3",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.3",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Andin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_sftpd.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T03:19:05.890Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/10157"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003edisabling SFTP\u003ctt\u003e\u003c/tt\u003e\u003c/li\u003e\u003cli\u003elimiting number of \u003ctt\u003emax_sessions\u003c/tt\u003e allowed for \u003ctt\u003esshd\u003c/tt\u003e, so exploiting becomes more complicated\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* disabling SFTP\n * limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48041",
"datePublished": "2025-09-11T08:14:20.508Z",
"dateReserved": "2025-05-15T08:40:25.455Z",
"dateUpdated": "2025-09-12T03:19:05.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48040 (GCVE-0-2025-48040)
Vulnerability from cvelistv5 – Published: 2025-09-11 08:14 – Updated: 2025-09-12 03:19
VLAI?
Summary
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Jakub Witczak
Ingela Andin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T13:30:33.529743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:36:29.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_sftp"
],
"packageName": "ssh",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_sftpd.erl"
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/ssh@5.3.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.2.11.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.1.4.12",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/ssh@*",
"status": "affected",
"version": "pkg:otp/ssh@3.0.1",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.3",
"status": "unaffected"
},
{
"at": "27.3.4.3",
"status": "unaffected"
},
{
"at": "26.2.5.15",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a",
"status": "unaffected"
},
{
"at": "548f1295d86d0803da884db8685cc16d461d0d5a",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.3",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.3",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Andin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_sftpd.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.\u003c/p\u003e"
}
],
"value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T03:19:04.361Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/10162"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Malicious Key Exchange Messages may Lead to Excessive Resource Consumption",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eset option \u003ctt\u003eparallel_login\u003c/tt\u003e to \u003ctt\u003efalse\u003c/tt\u003e\u003c/li\u003e\u003cli\u003ereduce \u003ctt\u003emax_sessions\u003c/tt\u003e option\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* set option parallel_login to false\n * reduce max_sessions option"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48040",
"datePublished": "2025-09-11T08:14:19.671Z",
"dateReserved": "2025-05-15T08:40:25.455Z",
"dateUpdated": "2025-09-12T03:19:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48039 (GCVE-0-2025-48039)
Vulnerability from cvelistv5 – Published: 2025-09-11 08:13 – Updated: 2025-09-12 03:19
VLAI?
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Jakub Witczak
Ingela Andin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T13:30:44.440721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:36:34.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_sftp"
],
"packageName": "ssh",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_sftpd.erl"
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/ssh@5.3.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.2.11.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.1.4.12",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/ssh@*",
"status": "affected",
"version": "pkg:otp/ssh@3.0.1",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.3",
"status": "unaffected"
},
{
"at": "27.3.4.3",
"status": "unaffected"
},
{
"at": "26.2.5.15",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "c242e6458967e9514bea351814151695807a54ac",
"status": "unaffected"
},
{
"at": "043ee3c943e2977c1acdd740ad13992fd60b6bf0",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.3",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.3",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Andin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_sftpd.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T03:19:09.907Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/10155"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unverified Paths can Cause Excessive Use of System Resources",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDisable \u003ctt\u003esftp\u003c/tt\u003e\u003c/li\u003e\u003cli\u003elimiting number of \u003ctt\u003emax_sessions\u003c/tt\u003e allowed for \u003ctt\u003esshd\u003c/tt\u003e, so exploiting becomes more complicated\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Disable sftp\n * limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48039",
"datePublished": "2025-09-11T08:13:36.878Z",
"dateReserved": "2025-05-15T08:36:04.576Z",
"dateUpdated": "2025-09-12T03:19:09.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48038 (GCVE-0-2025-48038)
Vulnerability from cvelistv5 – Published: 2025-09-11 08:13 – Updated: 2025-09-12 03:19
VLAI?
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Jakub Witczak
Ingela Andin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T13:30:56.648005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:36:40.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_sftp"
],
"packageName": "ssh",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_sftpd.erl"
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/ssh@5.3.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.2.11.3",
"status": "unaffected"
},
{
"at": "pkg:otp/ssh@5.1.4.12",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/ssh@*",
"status": "affected",
"version": "pkg:otp/ssh@3.0.1",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.3",
"status": "unaffected"
},
{
"at": "27.3.4.3",
"status": "unaffected"
},
{
"at": "26.2.5.15",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "4e3bf86777ab3db7220c11d8ddabf15970ddd10a",
"status": "unaffected"
},
{
"at": "f09e0201ff701993dc24a08f15e524daf72db42f",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.3",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.3",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Andin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_sftpd.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T03:19:08.401Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/10156"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unverified File Handles can Cause Excessive Use of System Resources",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDisable \u003ctt\u003esftp\u003c/tt\u003e\u003c/li\u003e\u003cli\u003elimiting number of \u003ctt\u003emax_sessions\u003c/tt\u003e allowed for \u003ctt\u003esshd\u003c/tt\u003e, so exploiting becomes more complicated\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Disable sftp\n * limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48038",
"datePublished": "2025-09-11T08:13:04.030Z",
"dateReserved": "2025-05-15T08:36:04.576Z",
"dateUpdated": "2025-09-12T03:19:08.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48042 (GCVE-0-2025-48042)
Vulnerability from cvelistv5 – Published: 2025-09-07 16:01 – Updated: 2025-09-09 03:24
VLAI?
Summary
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6.
This issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ash-project | ash |
Affected:
pkg:hex/ash@0 , < pkg:hex/ash@3.5.39
(purl)
Affected: 0 , < 3.5.39 (semver) Affected: 0 , < 5d1b6a5d00771fd468a509778637527b5218be9a (git) cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:* |
Credits
Zach Daniel
Jonatan Männchen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:54:54.599381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:55:11.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"packageName": "ash",
"product": "ash",
"programFiles": [
"lib/ash/actions/create/bulk.ex",
"lib/ash/actions/destroy/bulk.ex",
"lib/ash/actions/update/bulk.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5"
},
{
"name": "\u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6"
},
{
"name": "\u0027Elixir.Ash.Actions.Update.Bulk\u0027:run/6"
}
],
"repo": "https://github.com/ash-project/ash",
"vendor": "ash-project",
"versions": [
{
"lessThan": "pkg:hex/ash@3.5.39",
"status": "affected",
"version": "pkg:hex/ash@0",
"versionType": "purl"
},
{
"lessThan": "3.5.39",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5d1b6a5d00771fd468a509778637527b5218be9a",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.39",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Zach Daniel"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/actions/create/bulk.ex\u003c/tt\u003e, \u003ctt\u003elib/ash/actions/destroy/bulk.ex\u003c/tt\u003e, \u003ctt\u003elib/ash/actions/update/bulk.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Ash.Actions.Update.Bulk\u0027:run/6\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines \u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5, \u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6, \u0027Elixir.Ash.Actions.Update.Bulk:run\u0027/6.\n\nThis issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T03:24:04.033Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ash-project/ash/security/advisories/GHSA-jj4j-x5ww-cwh9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ash-project/ash/commit/5d1b6a5d00771fd468a509778637527b5218be9a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Before action hooks may execute in certain scenarios despite a request being forbidden",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-48042",
"datePublished": "2025-09-07T16:01:01.470Z",
"dateReserved": "2025-05-15T08:40:25.455Z",
"dateUpdated": "2025-09-09T03:24:04.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4754 (GCVE-0-2025-4754)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:31 – Updated: 2025-09-02 15:59
VLAI?
Summary
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.
This issue affects ash_authentication_phoenix until 2.10.0.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ash-project | ash_authentication_phoenix |
Affected:
pkg:hex/ash_authentication_phoenix@0 , < pkg:hex/ash_authentication_phoenix@2.10.0
(purl)
Affected: 0 , < 2.10.0 (semver) Affected: 0 , < a3253fb4fc7145aeb403537af1c24d3a8d51ffb1 (git) cpe:2.3:a:team-alembic:ash_authentication_phoenix:*:*:*:*:*:*:*:* |
Credits
James Harton
Zach Daniel
Mike Buhot
Jonatan Männchen
Josh Price
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:40:37.216297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:41:09.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:team-alembic:ash_authentication_phoenix:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"packageName": "ash_authentication_phoenix",
"product": "ash_authentication_phoenix",
"programFiles": [
"lib/ash_authentication_phoenix/controller.ex"
],
"repo": "https://github.com/team-alembic/ash_authentication_phoenix",
"vendor": "ash-project",
"versions": [
{
"lessThan": "pkg:hex/ash_authentication_phoenix@2.10.0",
"status": "affected",
"version": "pkg:hex/ash_authentication_phoenix@0",
"versionType": "purl"
},
{
"lessThan": "2.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "a3253fb4fc7145aeb403537af1c24d3a8d51ffb1",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:team-alembic:ash_authentication_phoenix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "remediation reviewer",
"value": "James Harton"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Zach Daniel"
},
{
"lang": "en",
"type": "analyst",
"value": "Mike Buhot"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
},
{
"lang": "en",
"type": "analyst",
"value": "Josh Price"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash_authentication_phoenix/controller.ex\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash_authentication_phoenix until 2.10.0.\u003c/p\u003e"
}
],
"value": "Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.\n\nThis issue affects ash_authentication_phoenix until 2.10.0."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:59:56.541Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq"
},
{
"tags": [
"patch"
],
"url": "https://github.com/team-alembic/ash_authentication_phoenix/pull/634"
},
{
"tags": [
"patch"
],
"url": "https://github.com/team-alembic/ash_authentication_phoenix/commit/a3253fb4fc7145aeb403537af1c24d3a8d51ffb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Session Revocation on Logout in ash_authentication_phoenix",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-4754",
"datePublished": "2025-06-17T14:31:37.006Z",
"dateReserved": "2025-05-15T09:03:11.355Z",
"dateUpdated": "2025-09-02T15:59:56.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4748 (GCVE-0-2025-4748)
Vulnerability from cvelistv5 – Published: 2025-06-16 11:00 – Updated: 2025-09-02 15:59
VLAI?
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.
This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Credits
Wander Nauta
Lukas Backström
Björn Gustavsson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T15:10:47.019511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T15:33:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-16T20:03:21.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/16/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"stdlib"
],
"product": "OTP",
"programFiles": [
"lib/stdlib/src/zip.erl"
],
"programRoutines": [
{
"name": "zip:unzip/1"
},
{
"name": "zip:unzip/2"
},
{
"name": "zip:extract/1"
},
{
"name": "zip:extract/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "pkg:otp/stdlib@7.0.1",
"status": "unaffected"
},
{
"at": "pkg:otp/stdlib@6.2.2.1",
"status": "unaffected"
},
{
"at": "pkg:otp/stdlib@5.2.3.4",
"status": "unaffected"
}
],
"lessThan": "pkg:otp/stdlib@*",
"status": "affected",
"version": "pkg:otp/stdlib@2.0",
"versionType": "purl"
},
{
"changes": [
{
"at": "28.0.1",
"status": "unaffected"
},
{
"at": "27.3.4.1",
"status": "unaffected"
},
{
"at": "26.2.5.13",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "d9454dbccbaaad4b8796095c8e653b71b066dfaf",
"status": "unaffected"
},
{
"at": "9b7b5431260e05a16eec3ecd530a232d0995d932",
"status": "unaffected"
},
{
"at": "0ac548b57c0491196c27e39518b5f6acf9326c1e",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.1",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.1",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wander Nauta"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lukas Backstr\u00f6m"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Bj\u00f6rn Gustavsson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/stdlib/src/zip.erl\u003c/tt\u003e and program routines \u003ctt\u003ezip:unzip/1\u003c/tt\u003e, \u003ctt\u003ezip:unzip/2\u003c/tt\u003e, \u003ctt\u003ezip:extract/1\u003c/tt\u003e, \u003ctt\u003ezip:extract/2\u003c/tt\u003e\u003ctt\u003e\u0026nbsp;\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunless the \u003ctt\u003ememory\u003c/tt\u003e option is passed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 17.0 until OTP\u0026nbsp;28.0.1, OTP\u0026nbsp;27.3.4.1 and OTP\u0026nbsp;26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
},
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T15:59:55.774Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/9941"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"
}
],
"source": {
"discovery": "USER"
},
"title": "Absolute path traversal in zip:unzip/1,2",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYou can use \u003c/span\u003e\u003ccode\u003ezip:list_dir/1\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on the archive and verify that no files contain absolute paths before extracting the archive to disk.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "You can use zip:list_dir/1\u00a0on the archive and verify that no files contain absolute paths before extracting the archive to disk."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-4748",
"datePublished": "2025-06-16T11:00:54.643Z",
"dateReserved": "2025-05-15T08:36:54.783Z",
"dateUpdated": "2025-09-02T15:59:55.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}