CVE-2025-48039

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-48039
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48039.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48039
Aliases
Downstream
Related
Published
2025-09-11T08:13:36.878Z
Modified
2026-05-21T03:54:33.442148299Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Unverified Paths can Cause Excessive Use of System Resources
Details

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

Database specific 
{
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ],
    "cna_assigner": "EEF",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48039.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "3.0.1"
                },
                {
                    "fixed": "*"
                },
                {
                    "introduced": "17.0"
                },
                {
                    "fixed": "*"
                },
                {
                    "introduced": "07b8f441ca711f9812fad9e9115bab3c3aa92f79"
                },
                {
                    "fixed": "*"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type
GIT
Repo
https://github.com/erlang/otp
Events
Introduced
9e6f6742c4d9e9915ee8af0dcb7d97cf1f836116
Fixed
756621cebe01ec43df61d9627380ca7e1e301c9b

Affected versions

OTP-28.*
OTP-28.0
OTP-28.0.1
OTP-28.0.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48039.json"