Medium severity · OSV Advisory · Published Sep 11, 2025 · Updated Jun 5, 2026
CVE-2025-48040
Description
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Affected products (9)
- osv-coords, 7 versions:
  - pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/erlang&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/erlang&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 26.2.1-150300.7.22.1
- (no CPE) range: < 23.3.4.19-150300.3.29.1
- (no CPE) range: < 27.1.3-160000.3.1
- (no CPE) range: < 26.2.1-150300.7.22.1
- (no CPE) range: < 23.3.4.19-150300.3.29.1
- (no CPE) range: < 27.1.3-160000.3.1
- (no CPE) range: < 27.1.3-160000.3.1
References (7)
- cna.erlef.org/cves/CVE-2025-48040.html (nvd)
- github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a (nvd)
- github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a (nvd)
- github.com/erlang/otp/pull/10162 (nvd)
- github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph (nvd)
- osv.dev/vulnerability/EEF-CVE-2025-48040 (nvd)
- www.erlang.org/doc/system/versions.html (nvd)