CVE-2025-48038
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2025-09-11

Last updated on: 2026-06-05

Assigner: EEF

Description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-48038
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
erlang otp 17.0
erlang otp 27.3.4.3
erlang otp 28.0.3
erlang otp ssh
erlang otp ssh
erlang otp ssh
erlang otp 26.2.5.15
erlang otp ssh
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-48038 is a vulnerability in the Erlang OTP SSH server's SFTP subsystem where the server does not properly limit the size of file handles sent by authenticated SFTP users. File handles larger than 256 bytes are not rejected, which violates the SFTP protocol specification. This allows attackers to send oversized file handles, causing excessive allocation of resources such as CPU and memory on the server, leading to resource exhaustion and potential denial of service. [2, 3, 4]

Impact Analysis

This vulnerability can impact you by allowing an authenticated SFTP user to cause excessive CPU and memory consumption on the server, potentially leading to resource exhaustion and reduced system availability. It does not affect confidentiality or integrity but can degrade service availability, causing denial of service conditions. Exploitation requires low privileges and no user interaction, making it relatively easy to exploit over the network. [3]

Detection Guidance

Detection of this vulnerability involves monitoring for abnormal or excessive resource consumption on the SSH server, particularly related to SFTP sessions. Since the vulnerability is caused by clients sending oversized file handles (>256 bytes), you can look for unusual SSH/SFTP activity or errors indicating invalid file handles. Specific commands are not provided in the resources, but general approaches include checking SSH server logs for 'Invalid handle' messages, monitoring CPU and memory usage spikes during SFTP sessions, and using network monitoring tools to inspect SFTP traffic for oversized file handle requests. [3, 1, 2, 4]

Mitigation Strategies

Immediate mitigation steps include upgrading Erlang/OTP to a patched version that includes the fix for CVE-2025-48038, such as OTP 28.0.3, 27.3.4.3, or 26.2.5.15, or the corresponding patched ssh versions (5.3.3, 5.2.11.3, 5.1.4.12). If upgrading is not immediately possible, workarounds include disabling the SFTP subsystem or limiting the maximum number of SSH sessions (max_sessions) to reduce the risk of exploitation. The patch enforces a file handle size limit of 256 bytes, rejecting oversized handles and preventing resource exhaustion. [3, 1, 2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48038. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart