CVE-2025-48039
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-06
Assigner: EEF
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| erlang | otp | 17.0 |
| erlang | otp | 27.3.4.3 |
| erlang | otp | 28.0.3 |
| erlang | otp | ssh |
| erlang | otp | ssh |
| erlang | otp | ssh |
| erlang | otp | 26.2.5.15 |
| erlang | otp | ssh |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48039 is a vulnerability in the Erlang OTP SSH server's SFTP module (ssh_sftpd) where the server does not limit the length of file path inputs from authenticated SFTP clients. This lack of limits allows attackers to submit excessively long file paths, which can cause excessive allocation of CPU and memory resources on the server, potentially leading to resource exhaustion or denial of service. The vulnerability arises because the server fails to verify or throttle resource usage related to path lengths in SFTP requests. [2, 3, 4]
How can this vulnerability impact me?
This vulnerability can impact you by causing excessive CPU and memory consumption on the affected server when processing overly long file paths submitted by authenticated SFTP users. This can degrade system stability and availability, potentially leading to denial of service conditions. However, it does not affect confidentiality or integrity of data. Exploitation requires low privileges (authenticated SFTP user) and no user interaction, making it relatively easy to exploit over the network. [2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusually long file path requests sent by authenticated SFTP users to the Erlang OTP ssh_sftpd server. Since the vulnerability arises from unverified excessively long paths causing resource exhaustion, you can detect potential exploitation attempts by inspecting SFTP traffic for path lengths exceeding typical limits (e.g., over 4096 bytes). Network packet capture tools like tcpdump or Wireshark can be used to capture SSH/SFTP traffic, and custom scripts or tools can analyze the length of path strings in SFTP requests. Additionally, monitoring server logs for repeated errors related to path length rejections (e.g., SSH_FX_NO_SUCH_PATH errors) may indicate attempts to exploit this issue. There are no specific built-in commands mentioned in the resources, but general approaches include:
1) Using tcpdump to capture SSH traffic: `tcpdump -i <interface> port 22 -w capture.pcap`
2) Analyzing captured traffic with Wireshark or custom scripts to identify SFTP requests with path lengths exceeding 4096 bytes.
3) Checking ssh_sftpd logs for errors related to path length rejections. [2, 1]
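As an added example (not code from BaseFortify or from the Erlang/OTP project), here is a small Python parser for the SFTP request framing that flags any request whose declared path field is longer than the 4096-byte limit cited above. SFTP is carried inside the encrypted SSH channel, so this check applies only where the plaintext stream is available (for example in a server-side hook or after decryption); the sample packets are constructed inline, and the request-type table follows the SFTP v3 draft.

```python
import struct

# SFTP v3 request types whose first string field is a path (draft-ietf-secsh-filexfer).
PATH_REQUESTS = {3: "OPEN", 7: "LSTAT", 11: "OPENDIR", 13: "REMOVE", 14: "MKDIR",
                 15: "RMDIR", 16: "REALPATH", 17: "STAT", 18: "RENAME",
                 19: "READLINK", 20: "SYMLINK"}
MAX_PATH_LEN = 4096  # the patched default limit mentioned in the advisory Q&A


def parse_sftp_packets(stream: bytes):
    """Yield (type, request_id, declared_path_len) for each packet in a plaintext SFTP stream.

    Packet layout: uint32 length | byte type | uint32 request-id | type-specific fields.
    The declared path length is read straight from the string header, because that
    value, not the bytes actually present, is what a naive server would allocate for.
    """
    off = 0
    while off + 4 <= len(stream):
        (length,) = struct.unpack_from(">I", stream, off)
        body = stream[off + 4:off + 4 + length]
        if len(body) < length:
            break  # truncated packet; stop rather than misparse
        off += 4 + length
        if len(body) < 5:
            continue  # too short to carry type + request-id
        ptype = body[0]
        (req_id,) = struct.unpack_from(">I", body, 1)
        path_len = None
        if ptype in PATH_REQUESTS and len(body) >= 9:
            (path_len,) = struct.unpack_from(">I", body, 5)
        yield ptype, req_id, path_len


def oversized_path_requests(stream: bytes, limit: int = MAX_PATH_LEN):
    """Return (type_name, request_id, path_len) for requests exceeding the limit."""
    return [(PATH_REQUESTS[t], rid, n) for t, rid, n in parse_sftp_packets(stream)
            if n is not None and n > limit]


def build_request(ptype: int, req_id: int, path: bytes, extra: bytes = b"") -> bytes:
    """Encode one SFTP request packet (helper for the constructed sample below)."""
    body = bytes([ptype]) + struct.pack(">I", req_id) + struct.pack(">I", len(path)) + path + extra
    return struct.pack(">I", len(body)) + body


# Constructed sample stream: a normal STAT, an oversized OPENDIR, a normal OPEN.
SAMPLE = (build_request(17, 1, b"/home/alice/notes.txt")
          + build_request(11, 2, b"/" * 8192)
          + build_request(3, 3, b"/etc/motd", struct.pack(">II", 1, 0)))  # pflags + empty ATTRS

if __name__ == "__main__":
    for name, rid, n in oversized_path_requests(SAMPLE):
        print(f"alert: {name} request id={rid} declares path length {n} > {MAX_PATH_LEN}")
```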
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Applying the official patch or upgrading the Erlang/OTP ssh and ssh_sftp modules to versions that include the fix implementing a maximum path length limit (default 4096 bytes).
2) As a workaround, disabling the SFTP subsystem if it is not required.
3) Limiting the maximum number of SSH sessions (max_sessions) to reduce the risk of resource exhaustion.
4) Monitoring and restricting authenticated SFTP user activities to prevent abuse.
These steps help prevent exploitation by enforcing path length limits and reducing the attack surface until patched versions are deployed. [2]