Medium severity · OSV Advisory · Published Sep 11, 2025 · Updated Jun 5, 2026
CVE-2025-48039
Description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Affected products (11)
- osv-coords (8 versions):
  - pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/erlang27&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/erlang&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/erlang&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 26.2.1-150300.7.22.1
- (no CPE) range: < 27.1.3-2.1
- (no CPE) range: < 23.3.4.19-150300.3.29.1
- (no CPE) range: < 27.1.3-160000.3.1
- (no CPE) range: < 26.2.1-150300.7.22.1
- (no CPE) range: < 23.3.4.19-150300.3.29.1
- (no CPE) range: < 27.1.3-160000.3.1
- (no CPE) range: < 27.1.3-160000.3.1
References (7)
- cna.erlef.org/cves/CVE-2025-48039.html (nvd)
- github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0 (nvd)
- github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac (nvd)
- github.com/erlang/otp/pull/10155 (nvd)
- github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8 (nvd)
- osv.dev/vulnerability/EEF-CVE-2025-48039 (nvd)
- www.erlang.org/doc/system/versions.html (nvd)