CVE-2025-48041

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-48041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48041
Aliases
Downstream
Related
Published
2025-09-11T08:14:20.508Z
Modified
2026-05-21T03:54:37.372463415Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Details

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

Database specific 
{
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ],
    "cna_assigner": "EEF",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48041.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "3.0.1"
                },
                {
                    "fixed": "*"
                },
                {
                    "introduced": "17.0"
                },
                {
                    "fixed": "*"
                },
                {
                    "introduced": "07b8f441ca711f9812fad9e9115bab3c3aa92f79"
                },
                {
                    "fixed": "*"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type
GIT
Repo
https://github.com/erlang/otp
Events
Introduced
9e6f6742c4d9e9915ee8af0dcb7d97cf1f836116
Fixed
756621cebe01ec43df61d9627380ca7e1e301c9b

Affected versions

OTP-28.*
OTP-28.0
OTP-28.0.1
OTP-28.0.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48041.json"