CVE-2025-48041
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Vulnerability description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Affected
pkg:otp/ssh
| Module | Source File |
|---|---|
ssh_sftp
|
lib/ssh/src/ssh_sftpd.erl
|
| Status | Type | Version | Changes / Fixed in |
|---|---|---|---|
| affected | otp ⓘ | 3.0.1
|
|
pkg:github/erlang/otp
| Module | Source File |
|---|---|
ssh_sftp
|
lib/ssh/src/ssh_sftpd.erl
|
| Status | Type | Version | Changes / Fixed in |
|---|---|---|---|
| affected | otp ⓘ | 17.0
|
|
| affected | git ⓘ | 07b8f441ca
|
|
Configurations
The SFTP subsystem must be enabled on the SSH server and the SSH port must be reachable by the attacker. SFTP is enabled by default unless explicitly disabled by setting {subsystems, []} in the SSH daemon configuration.
Workarounds
- disabling SFTP
- limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated
References
- https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3 vendor-advisory related
- https://osv.dev/vulnerability/EEF-CVE-2025-48041 related
- https://github.com/erlang/otp/pull/10157 patch
- https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288 patch
- https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401 patch
Credits
- Remediation developer: Jakub Witczak
- Remediation reviewer: Ingela Andin
CVE record as JSON:
GET /cves/CVE-2025-48041.json
OSV record as JSON:
GET /osv/EEF-CVE-2025-48041.json