{"affected":[{"ranges":[{"events":[{"introduced":"07b8f441ca711f9812fad9e9115bab3c3aa92f79"},{"fixed":"d9454dbccbaaad4b8796095c8e653b71b066dfaf"},{"fixed":"9b7b5431260e05a16eec3ecd530a232d0995d932"},{"fixed":"0ac548b57c0491196c27e39518b5f6acf9326c1e"}],"repo":"https://github.com/erlang/otp","type":"GIT"}]}],"aliases":["GHSA-9g37-pgj9-wrhc","CVE-2025-4748"],"credits":[{"name":"Wander Nauta","type":"FINDER"},{"name":"Lukas Backström","type":"REMEDIATION_DEVELOPER"},{"name":"Björn Gustavsson","type":"REMEDIATION_REVIEWER"}],"database_specific":{"capec_ids":["CAPEC-597","CAPEC-165"],"cpe_ids":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"cwe_ids":["CWE-22"]},"details":"## Summary\n\nImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\n\n## Workaround\n\nYou can use zip:list_dir/1 on the archive and verify that no files contain absolute paths before extracting the archive to disk.","id":"EEF-CVE-2025-4748","modified":"2026-04-06T16:44:04.139Z","published":"2025-06-16T11:00:54.643Z","references":[{"type":"ADVISORY","url":"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"},{"type":"WEB","url":"https://cna.erlef.org/cves/CVE-2025-4748.html"},{"type":"WEB","url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"},{"type":"FIX","url":"https://github.com/erlang/otp/pull/9941"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"}],"related":[],"schema_version":"1.7.3","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L","type":"CVSS_V4"}],"summary":"Absolute path traversal in zip:unzip/1,2","upstream":[]}