CVE-2025-48040— Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-48040
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
Source: NVD (National Vulnerability Database)
Vulnerability Description
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 17.0版本至28.0.3版本、27.3.4.3版本和26.2.5.15版本存在安全漏洞,该漏洞源于lib/ssh/src/ssh_sftpd.erl文件中的资源消耗不受控制,可能导致过度分配和洪水攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-48040
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-48040
请登录查看更多情报信息。
Same Patch Batch · Erlang · 2025-09-11 · 4 CVEs total
| CVE-2025-48039 | Unverified Paths can Cause Excessive Use of System Resources | |
| CVE-2025-48041 | SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles | |
| CVE-2025-48038 | Unverified File Handles can Cause Excessive Use of System Resources |
IV. Related Vulnerabilities
Same product: OTP
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23941
Request smuggling via first-wins Content-Length parsing in i
Same vendor: Erlang
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23941
Request smuggling via first-wins Content-Length parsing in i
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2025-48040
No comments yet