CVE-2025-48041
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-06
Assigner: EEF
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| erlang | ssh | 3.0.1 |
| erlang | ssh | 5.2.11.3 |
| erlang | otp | 17.0 |
| erlang | ssh | 5.1.4.12 |
| erlang | otp | 27.3.4.3 |
| erlang | otp | 28.0.3 |
| erlang | ssh | 5.3.3 |
| erlang | otp | 26.2.5.15 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Erlang OTP SSH server's SFTP subsystem allows an attacker to open an excessive number of file handles without limits or throttling. Specifically, the SSH_FXP_OPENDIR operation creates file handles within the Erlang VM but does not enforce OS-level limits, leading to uncontrolled resource consumption. This can cause the Erlang VM to exhaust its available file handles, potentially degrading system stability or causing denial of service. [2]
How can this vulnerability impact me?
The vulnerability can impact you by causing resource exhaustion within the Erlang VM running the SSH SFTP server. This can degrade system stability and availability, potentially leading to denial of service conditions where legitimate users cannot access the SSH SFTP service. The attack can be performed remotely over the network with low complexity and low privileges, making it a significant availability risk. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves excessive allocation of file handles by the Erlang OTP ssh_sftpd server, which can lead to resource exhaustion. Detection can involve monitoring the number of open file descriptors held by the Erlang VM (beam.smp) process that hosts ssh_sftpd, since the SFTP handles are opened by that OS process, to identify unusually high usage. Commands such as `lsof -p <pid_of_erlang_vm>` or `ls /proc/<pid_of_erlang_vm>/fd | wc -l` on Linux systems can help count open file descriptors; compare the count against the process limit in `/proc/<pid_of_erlang_vm>/limits`. Additionally, monitoring SSH SFTP sessions for abnormal behavior or excessive directory open requests (SSH_FXP_OPENDIR) may indicate exploitation attempts. Network monitoring tools could also be used to detect unusual SFTP traffic patterns indicative of flooding or resource exhaustion attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the SFTP subsystem if it is not required, or limiting the maximum number of SSH sessions using the `max_sessions` configuration option to reduce the attack surface. Applying the patch that introduces the `max_handles` configuration option to the ssh_sftpd module is recommended; this option limits the number of simultaneous open file handles per SFTP connection (default 1000), preventing resource exhaustion. If patching is not immediately possible, restricting or monitoring SFTP usage and limiting SSH access can help mitigate exploitation risks. [1, 2, 3, 4]
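The following Erlang snippet shows how the two mitigations above fit together in an `ssh:daemon/2` configuration: a session cap at the daemon level and the per-connection `max_handles` cap on the SFTP subsystem. It is an added example written for this page, not code from the advisory or from the OTP project; the key directories, port and limit values are assumptions, and `max_handles` only takes effect on the fixed OTP releases listed above.

```erlang
%% Added example (not from the advisory or OTP): an SSH daemon that exposes
%% only SFTP and bounds the resources a single client can consume.
-module(sftp_hardened).
-export([start/0, start/1]).

%% Start on an assumed non-privileged port.
start() -> start(2222).

start(Port) ->
    %% Subsystem options go to ssh_sftpd:subsystem_spec/1, which returns the
    %% {"sftp", {ssh_sftpd, Opts}} tuple expected by the subsystems option.
    SftpSpec = ssh_sftpd:subsystem_spec([
        {root, "/srv/sftp"},   % confine SFTP users to this tree (assumed path)
        {cwd,  "/"},           % initial directory relative to root
        %% Per-connection cap on simultaneous open file handles, introduced by
        %% the fix for CVE-2025-48041 (default 1000 once patched). Keep
        %% sessions * max_handles comfortably below the VM's OS fd limit.
        {max_handles, 64}
    ]),
    ssh:daemon(Port, [
        {system_dir, "/etc/ssh"},        % host keys (assumed path)
        {user_dir,   "/var/sftp/users"}, % per-user authorized_keys (assumed path)
        %% Daemon-level cap on concurrent sessions, so the total number of
        %% handles an unauthenticated flood can hold is bounded.
        {max_sessions, 10},
        %% No shell or exec: SFTP is the only channel type served.
        {shell, disabled},
        {exec,  disabled},
        {subsystems, [SftpSpec]}
    ]).
```

With these values a single connection can hold at most 64 handles and the daemon at most 10 sessions, so the worst case is 640 open handles rather than an unbounded number.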