QwikSec

Security Database

CVE

CWE

Training

CVE-2025-48040

Published: Sep 11, 2025

Modified: May 27, 2026

PUBLISHED

Description

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

Vendor	Product	Versions
Erlang	OTP	affected `3.0.1 - < *`
Erlang	OTP	affected `17.0 - < ` affected `07b8f441ca711f9812fad9e9115bab3c3aa92f79 - < `

Weaknesses (CWE)

References

https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph

vendor-advisory

related

https://cna.erlef.org/cves/CVE-2025-48040.html

related

https://osv.dev/vulnerability/EEF-CVE-2025-48040

related

https://www.erlang.org/doc/system/versions.html#order-of-versions

x_version-scheme

https://github.com/erlang/otp/pull/10162

patch

https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a

patch

https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.