QwikSec

Security Database

CVE

CWE

Training

CVE-2025-48038

Published: Sep 11, 2025

Modified: May 27, 2026

PUBLISHED

Description

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

Vendor	Product	Versions
Erlang	OTP	affected `3.0.1 - < *`
Erlang	OTP	affected `17.0 - < ` affected `07b8f441ca711f9812fad9e9115bab3c3aa92f79 - < `

Weaknesses (CWE)

References

https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r

vendor-advisory

related

https://cna.erlef.org/cves/CVE-2025-48038.html

related

https://osv.dev/vulnerability/EEF-CVE-2025-48038

related

https://www.erlang.org/doc/system/versions.html#order-of-versions

x_version-scheme

https://github.com/erlang/otp/pull/10156

patch

https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a

patch

https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.