CVE-2025-4748 (GCVE-0-2025-4748)
Vulnerability from cvelistv5 – Published: 2025-06-16 11:00 – Updated: 2026-05-27 15:40
VLAI
EPSS
VEX
Title
Absolute path traversal in zip:unzip/1,2
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.
This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
9 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T15:10:47.019511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T15:33:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-16T20:03:21.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/16/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"stdlib"
],
"packageName": "stdlib",
"packageURL": "pkg:otp/stdlib?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
"product": "OTP",
"programFiles": [
"lib/stdlib/src/zip.erl"
],
"programRoutines": [
{
"name": "zip:unzip/1"
},
{
"name": "zip:unzip/2"
},
{
"name": "zip:extract/1"
},
{
"name": "zip:extract/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "7.0.1",
"status": "unaffected"
},
{
"at": "6.2.2.1",
"status": "unaffected"
},
{
"at": "5.2.3.4",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "2.0",
"versionType": "otp"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"stdlib"
],
"packageName": "erlang/otp",
"packageURL": "pkg:github/erlang/otp",
"product": "OTP",
"programFiles": [
"lib/stdlib/src/zip.erl"
],
"programRoutines": [
{
"name": "zip:unzip/1"
},
{
"name": "zip:unzip/2"
},
{
"name": "zip:extract/1"
},
{
"name": "zip:extract/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"changes": [
{
"at": "28.0.1",
"status": "unaffected"
},
{
"at": "27.3.4.1",
"status": "unaffected"
},
{
"at": "26.2.5.13",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "otp"
},
{
"changes": [
{
"at": "d9454dbccbaaad4b8796095c8e653b71b066dfaf",
"status": "unaffected"
},
{
"at": "9b7b5431260e05a16eec3ecd530a232d0995d932",
"status": "unaffected"
},
{
"at": "0ac548b57c0491196c27e39518b5f6acf9326c1e",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.2.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.3.4.1",
"versionStartIncluding": "27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.1",
"versionStartIncluding": "28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wander Nauta"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lukas Backstr\u00f6m"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Bj\u00f6rn Gustavsson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/stdlib/src/zip.erl\u003c/tt\u003e and program routines \u003ctt\u003ezip:unzip/1\u003c/tt\u003e, \u003ctt\u003ezip:unzip/2\u003c/tt\u003e, \u003ctt\u003ezip:extract/1\u003c/tt\u003e, \u003ctt\u003ezip:extract/2\u003c/tt\u003e\u003ctt\u003e\u0026nbsp;\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunless the \u003ctt\u003ememory\u003c/tt\u003e option is passed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 17.0 until OTP\u0026nbsp;28.0.1, OTP\u0026nbsp;27.3.4.1 and OTP\u0026nbsp;26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
},
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:40:23.055Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2025-4748.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2025-4748"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/pull/9941"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Absolute path traversal in zip:unzip/1,2",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYou can use \u003c/span\u003e\u003ccode\u003ezip:list_dir/1\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on the archive and verify that no files contain absolute paths before extracting the archive to disk.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "You can use zip:list_dir/1\u00a0on the archive and verify that no files contain absolute paths before extracting the archive to disk."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2025-4748",
"datePublished": "2025-06-16T11:00:54.643Z",
"dateReserved": "2025-05-15T08:36:54.783Z",
"dateUpdated": "2026-05-27T15:40:23.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-4748",
"date": "2026-07-15",
"epss": "0.00226",
"percentile": "0.13206"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4748\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2025-06-16T11:15:18.730\",\"lastModified\":\"2026-06-17T09:33:55.580\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\\n\\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\u0027Path Traversal\u0027) en Erlang OTP (m\u00f3dulos stdlib) permite Absolute Path Traversal y la manipulaci\u00f3n de archivos. Esta vulnerabilidad est\u00e1 asociada a los archivos de programa lib/stdlib/src/zip.erl y a las rutinas zip:unzip/1, zip:unzip/2, zip:extract/1 y zip:extract/2, a menos que se utilice la opci\u00f3n de memoria. Este problema afecta a OTP desde OTP 17.0 hasta OTP 28.0.1, OTP 27.3.4.1 y OTP 26.2.5.13, correspondientes a stdlib desde 2.0 hasta 7.0.1, 6.2.2.1 y 5.2.3.4.\"}],\"affected\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"affectedData\":[{\"vendor\":\"Erlang\",\"product\":\"OTP\",\"defaultStatus\":\"unknown\",\"packageName\":\"stdlib\",\"cpes\":[\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"],\"modules\":[\"stdlib\"],\"programFiles\":[\"lib/stdlib/src/zip.erl\"],\"programRoutines\":[{\"name\":\"zip:unzip/1\"},{\"name\":\"zip:unzip/2\"},{\"name\":\"zip:extract/1\"},{\"name\":\"zip:extract/2\"}],\"repo\":\"https://github.com/erlang/otp\",\"packageURL\":\"pkg:otp/stdlib?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git\",\"versions\":[{\"version\":\"2.0\",\"lessThan\":\"*\",\"versionType\":\"otp\",\"status\":\"affected\",\"changes\":[{\"at\":\"7.0.1\",\"status\":\"unaffected\"},{\"at\":\"6.2.2.1\",\"status\":\"unaffected\"},{\"at\":\"5.2.3.4\",\"status\":\"unaffected\"}]}]},{\"vendor\":\"Erlang\",\"product\":\"OTP\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://github.com\",\"packageName\":\"erlang/otp\",\"cpes\":[\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"],\"modules\":[\"stdlib\"],\"programFiles\":[\"lib/stdlib/src/zip.erl\"],\"programRoutines\":[{\"name\":\"zip:unzip/1\"},{\"name\":\"zip:unzip/2\"},{\"name\":\"zip:extract/1\"},{\"name\":\"zip:extract/2\"}],\"repo\":\"https://github.com/erlang/otp\",\"packageURL\":\"pkg:github/erlang/otp\",\"versions\":[{\"version\":\"17.0\",\"lessThan\":\"*\",\"versionType\":\"otp\",\"status\":\"affected\",\"changes\":[{\"at\":\"28.0.1\",\"status\":\"unaffected\"},{\"at\":\"27.3.4.1\",\"status\":\"unaffected\"},{\"at\":\"26.2.5.13\",\"status\":\"unaffected\"}]},{\"version\":\"07b8f441ca711f9812fad9e9115bab3c3aa92f79\",\"lessThan\":\"*\",\"versionType\":\"git\",\"status\":\"affected\",\"changes\":[{\"at\":\"d9454dbccbaaad4b8796095c8e653b71b066dfaf\",\"status\":\"unaffected\"},{\"at\":\"9b7b5431260e05a16eec3ecd530a232d0995d932\",\"status\":\"unaffected\"},{\"at\":\"0ac548b57c0491196c27e39518b5f6acf9326c1e\",\"status\":\"unaffected\"}]}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-06-16T15:10:47.019511Z\",\"id\":\"CVE-2025-4748\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2025-4748.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/pull/9941\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2025-4748\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://www.erlang.org/doc/system/versions.html#order-of-versions\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/06/16/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2026-04-06T22:59:23+00:00",
"cve": "CVE-2025-4748",
"id": "CVE-2025-4748",
"initial_release_date": "2025-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Absolute path traversal in zip:unzip/1,2",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4748.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/06/16/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-06-16T20:03:21.484Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4748\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-16T15:10:47.019511Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-16T15:11:22.309Z\"}}], \"cna\": {\"title\": \"Absolute path traversal in zip:unzip/1,2\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Wander Nauta\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Lukas Backstr\\u00f6m\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Bj\\u00f6rn Gustavsson\"}], \"impacts\": [{\"capecId\": \"CAPEC-597\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-597 Absolute Path Traversal\"}]}, {\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"stdlib\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"7.0.1\", \"status\": \"unaffected\"}, {\"at\": \"6.2.2.1\", \"status\": \"unaffected\"}, {\"at\": \"5.2.3.4\", \"status\": \"unaffected\"}], \"version\": \"2.0\", \"lessThan\": \"*\", \"versionType\": \"otp\"}], \"packageURL\": \"pkg:otp/stdlib?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git\", \"packageName\": \"stdlib\", \"programFiles\": [\"lib/stdlib/src/zip.erl\"], \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"zip:unzip/1\"}, {\"name\": \"zip:unzip/2\"}, {\"name\": \"zip:extract/1\"}, {\"name\": \"zip:extract/2\"}]}, {\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"stdlib\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"28.0.1\", \"status\": \"unaffected\"}, {\"at\": \"27.3.4.1\", \"status\": \"unaffected\"}, {\"at\": \"26.2.5.13\", \"status\": \"unaffected\"}], \"version\": \"17.0\", \"lessThan\": \"*\", \"versionType\": \"otp\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"d9454dbccbaaad4b8796095c8e653b71b066dfaf\", \"status\": \"unaffected\"}, {\"at\": \"9b7b5431260e05a16eec3ecd530a232d0995d932\", \"status\": \"unaffected\"}, {\"at\": \"0ac548b57c0491196c27e39518b5f6acf9326c1e\", \"status\": \"unaffected\"}], \"version\": \"07b8f441ca711f9812fad9e9115bab3c3aa92f79\", \"lessThan\": \"*\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/erlang/otp\", \"packageName\": \"erlang/otp\", \"programFiles\": [\"lib/stdlib/src/zip.erl\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"zip:unzip/1\"}, {\"name\": \"zip:unzip/2\"}, {\"name\": \"zip:extract/1\"}, {\"name\": \"zip:extract/2\"}]}], \"references\": [{\"url\": \"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc\", \"tags\": [\"vendor-advisory\", \"related\"]}, {\"url\": \"https://cna.erlef.org/cves/CVE-2025-4748.html\", \"tags\": [\"related\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2025-4748\", \"tags\": [\"related\"]}, {\"url\": \"https://www.erlang.org/doc/system/versions.html#order-of-versions\", \"tags\": [\"x_version-scheme\"]}, {\"url\": \"https://github.com/erlang/otp/pull/9941\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"You can use zip:list_dir/1\\u00a0on the archive and verify that no files contain absolute paths before extracting the archive to disk.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eYou can use \u003c/span\u003e\u003ccode\u003ezip:list_dir/1\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;on the archive and verify that no files contain absolute paths before extracting the archive to disk.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\\u00a0unless the memory option is passed.\\n\\nThis issue affects OTP from OTP 17.0 until OTP\\u00a028.0.1, OTP\\u00a027.3.4.1 and OTP\\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/stdlib/src/zip.erl\u003c/tt\u003e and program routines \u003ctt\u003ezip:unzip/1\u003c/tt\u003e, \u003ctt\u003ezip:unzip/2\u003c/tt\u003e, \u003ctt\u003ezip:extract/1\u003c/tt\u003e, \u003ctt\u003ezip:extract/2\u003c/tt\u003e\u003ctt\u003e\u0026nbsp;\u003c/tt\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eunless the \u003ctt\u003ememory\u003c/tt\u003e option is passed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 17.0 until OTP\u0026nbsp;28.0.1, OTP\u0026nbsp;27.3.4.1 and OTP\u0026nbsp;26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"26.2.5.13\"}, {\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"27.3.4.1\", \"versionStartIncluding\": \"27.0\"}, {\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"28.0.1\", \"versionStartIncluding\": \"28.0\"}], \"operator\": \"OR\"}], \"operator\": \"AND\"}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-05-27T15:40:23.055Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4748\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T15:40:23.055Z\", \"dateReserved\": \"2025-05-15T08:36:54.783Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2025-06-16T11:00:54.643Z\", \"assignerShortName\": \"EEF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…