High severity · OSV Advisory · Published Sep 11, 2025 · Updated Jun 5, 2026
CVE-2025-48041
Description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Affected products (24)
osv-coords (21 versions), none with a CPE:
- pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6, range: < 26.2.1-150300.7.19.1
- pkg:rpm/opensuse/erlang27&distro=openSUSE%20Tumbleweed, range: < 27.1.3-1.1
- pkg:rpm/opensuse/erlang&distro=openSUSE%20Leap%2015.6, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 26.2.1-150300.7.19.1
- pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7, range: < 26.2.1-150300.7.19.1
- pkg:rpm/suse/erlang&distro=SUSE%20Enterprise%20Storage%207.1, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Manager%20Proxy%20LTS%204.3, range: < 23.3.4.19-150300.3.26.1
- pkg:rpm/suse/erlang&distro=SUSE%20Manager%20Server%20LTS%204.3, range: < 23.3.4.19-150300.3.26.1
References (7)
- cna.erlef.org/cves/CVE-2025-48041.html (nvd)
- github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288 (nvd)
- github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401 (nvd)
- github.com/erlang/otp/pull/10157 (nvd)
- github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3 (nvd)
- osv.dev/vulnerability/EEF-CVE-2025-48041 (nvd)
- www.erlang.org/doc/system/versions.html (nvd)