Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64068.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-64068
Upstream
Published
2025-06-16T11:15:18Z
Modified
2026-04-01T05:20:15.272874Z
Summary
CVE-2025-4748 affecting package erlang for versions less than 25.3.2.21-2
Details

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.

This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

References

Affected packages

Azure Linux:2 / erlang

Package

Name
erlang
Purl
pkg:rpm/azure-linux/erlang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.3.2.21-2

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64068.json"