CVE-2025-48038 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-48038 PUBLISHED CVSS 5.300000190734863 MEDIUM

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

EPSS 0.12% · 31.3th percentile

Risk Scores

CVSS v4.0

5.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS Score

0.12%

31.3th percentile

Affected Products

Vendor	Product	Versions
Erlang	OTP	17.0, pkg:otp/ssh@3.0.1
erlang	erlang\/otp	0, 27.0, 28.0
Erlang	OTP	07b8f441ca711f9812fad9e9115bab3c3aa92f79

Timeline

Jan 21, 1970 Fix PR Merged
Sep 11, 2025 EPSS Score
Sep 11, 2025 Coalition ESS Score
Sep 11, 2025 CVE Published
Sep 11, 2025 PoC Published
Sep 18, 2025 EPSS Score
Sep 24, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 8, 2025 EPSS Score
Oct 14, 2025 Coalition ESS Score

References

Open in Interactive Console →