CVE-2025-48038
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-06
Assigner: EEF
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| erlang | otp | 17.0 |
| erlang | otp | 27.3.4.3 |
| erlang | otp | 28.0.3 |
| erlang | otp | ssh |
| erlang | otp | ssh |
| erlang | otp | ssh |
| erlang | otp | 26.2.5.15 |
| erlang | otp | ssh |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48038 is a vulnerability in the Erlang OTP SSH server's SFTP subsystem where the server does not properly limit the size of file handles sent by authenticated SFTP users. File handles larger than 256 bytes are not rejected, which violates the SFTP protocol specification. This allows attackers to send oversized file handles, causing excessive allocation of resources such as CPU and memory on the server, leading to resource exhaustion and potential denial of service. [2, 3, 4]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated SFTP user to cause excessive CPU and memory consumption on the server, potentially leading to resource exhaustion and reduced system availability. It does not affect confidentiality or integrity but can degrade service availability, causing denial of service conditions. Exploitation requires low privileges and no user interaction, making it relatively easy to exploit over the network. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for abnormal or excessive resource consumption on the SSH server, particularly related to SFTP sessions. Since the vulnerability is caused by clients sending oversized file handles (>256 bytes), you can look for unusual SSH/SFTP activity or errors indicating invalid file handles. Specific commands are not provided in the resources, but general approaches include checking SSH server logs for 'Invalid handle' messages, monitoring CPU and memory usage spikes during SFTP sessions, and using network monitoring tools to inspect SFTP traffic for oversized file handle requests. [3, 1, 2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Erlang/OTP to a patched version that includes the fix for CVE-2025-48038, such as OTP 28.0.3, 27.3.4.3, or 26.2.5.15, or the corresponding patched ssh versions (5.3.3, 5.2.11.3, 5.1.4.12). If upgrading is not immediately possible, workarounds include disabling the SFTP subsystem or limiting the maximum number of SSH sessions (max_sessions) to reduce the risk of exploitation. The patch enforces a file handle size limit of 256 bytes, rejecting oversized handles and preventing resource exhaustion. [3, 1, 2, 4]