PT-2025-37164 · Ssh+5 · Ssh+5

Ingela Andin

Published

2025-09-11

Updated

2026-06-05

CVE-2025-48040

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 Erlang OTP versions 27.3.4.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3

Description An uncontrolled resource consumption issue exists in Erlang OTP ssh (ssh sftp modules), allowing excessive allocation and flooding. The issue is associated with the ssh sftpd.erl file.

Recommendations Update Erlang OTP to a version later than 28.0.3. Update ssh to a version later than 5.3.3. Update ssh to a version later than 5.2.11.3. Update ssh to a version later than 5.1.4.12.

Fix

DoS

Allocation of Resources Without Limits

Uncontrolled Recursion

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-674CWE-400

Related Identifiers

AZL-67278

AZL-67293

BDU:2025-13917

CVE-2025-48040

GHSA-H7RG-6RJG-4CPH

OESA-2026-1027

OESA-2026-1028

OESA-2026-1029

OESA-2026-1032

OPENSUSE-SU-2026:20043-1

SUSE-SU-2026:0023-1

SUSE-SU-2026:0661-1

SUSE-SU-2026:20088-1

USN-7831-1

Affected Products

Debian

Erlang/Otp

Linuxmint

Red Os

Ubuntu

Ssh

PT-2025-37164 · Ssh+5 · Ssh+5

CVE-2025-48040

Weakness Enumeration

Related Identifiers

Affected Products

References · 47