CVE-2025-46712— Erlang/OTP SSH Has Strict KEX Violations
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-46712
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Erlang/OTP SSH Has Strict KEX Violations
Source: NVD (National Vulnerability Database)
Vulnerability Description
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
预期行为违背
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP存在安全漏洞,该漏洞源于SSH未严格实施KEX握手措施,可能导致中间人攻击。以下版本受到影响:OTP-27.3.4之前版本、OTP-26.2.5.12之前版本和OTP-25.3.2.21之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-46712
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-46712
请登录查看更多情报信息。
- Release OTP 25.3.2.21 · erlang/otp · GitHubx_refsource_MISC
- Release OTP 26.2.5.12 · erlang/otp · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2025-46712
IV. Related Vulnerabilities
Same product: otp
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23943
Pre-auth SSH DoS via unbounded zlib inflate
Same vendor: erlang
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23943
Pre-auth SSH DoS via unbounded zlib inflate
Same weakness: CWE-440
- CVE-2026-41136
free5GC AMF missing default case in Content-Type switch in H - CVE-2026-3344
WatchGuard Firebox System Integrity Check Bypass - CVE-2025-13940
WatchGuard Firebox Boot Time System Integrity Check Bypass - CVE-2025-8850
Insecure API Design in danny-avila/librechat - CVE-2025-52953
Junos OS and Junos OS Evolved: An unauthenticated adjacent a
V. Comments for CVE-2025-46712
No comments yet