PT-2025-37163 · Ssh+5

Ingela Andin +1 · Published 2025-09-11 · Updated 2026-02-26 · CVE-2025-48039

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Erlang OTP versions 17.0 through 28.0.3
Erlang OTP versions 26.2.5.15 through 27.3.4.3
Erlang OTP versions 27.3.4.3
Erlang OTP versions 28.0.3
ssh versions 3.0.1 through 5.3.3
ssh versions 5.1.4.12
ssh versions 5.2.11.3

Description

An Allocation of Resources Without Limits or Throttling issue exists in Erlang OTP ssh (ssh_sftp modules), potentially leading to Excessive Allocation and Resource Leak Exposure. The issue is associated with the ssh_sftpd.erl file.

Recommendations

Update Erlang OTP to a version later than 28.0.3.
Update ssh to a version later than 5.3.3.
Update ssh to a version later than 5.2.11.3.
Update ssh to a version later than 5.1.4.12.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-67127
AZL-67130
BDU:2025-13916
CVE-2025-48039
DLA-4376-1
GHSA-RR5P-6856-J7H8
OESA-2026-1027
OESA-2026-1028
OESA-2026-1029
OESA-2026-1030
OESA-2026-1031
OESA-2026-1032
OPENSUSE-SU-2026:20043-1
SUSE-SU-2026:0023-1
SUSE-SU-2026:0661-1
SUSE-SU-2026:20088-1
USN-7831-1

Affected Products

Debian
Erlang/OTP
Linux Mint
RED OS
Ubuntu
Ssh