CVE-2025-48038

N/A Unknown
Published: September 11, 2025 Modified: April 15, 2026
View on NVD

Description

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cna.erlef.org/cves/CVE-2025-48038.html
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://github.com/erlang/otp/pull/10156
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://osv.dev/vulnerability/EEF-CVE-2025-48038
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
https://www.erlang.org/doc/system/versions.html#order-of-versions
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
35th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-400 CWE-770

Related CVEs

CVE-2025-71256 7.5
CVE-2025-71255 7.5
CVE-2025-71254 7.5
CVE-2025-71253 7.5
CVE-2025-71252 7.5