CVE-2025-48041— SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-48041
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Source: NVD (National Vulnerability Database)
Vulnerability Description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Erlang/OTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 17.0版本至28.0.3版本、27.3.4.3版本和26.2.5.15版本存在安全漏洞,该漏洞源于lib/ssh/src/ssh_sftpd.erl中资源分配无限制,可能导致资源过度分配和洪水攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-48041
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-48041
请登录查看更多情报信息。
Same Patch Batch · Erlang · 2025-09-11 · 4 CVEs total
| CVE-2025-48039 | Unverified Paths can Cause Excessive Use of System Resources | |
| CVE-2025-48040 | Malicious Key Exchange Messages may Lead to Excessive Resource Consumption | |
| CVE-2025-48038 | Unverified File Handles can Cause Excessive Use of System Resources |
IV. Related Vulnerabilities
Same product: OTP
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23941
Request smuggling via first-wins Content-Length parsing in i
Same vendor: Erlang
- CVE-2026-32147
SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT - CVE-2026-28808
ScriptAlias CGI targets bypass directory auth in inets httpd - CVE-2026-32144
OCSP designated-responder authorization bypass via missing s - CVE-2026-28810
Predictable DNS Transaction IDs Enable Cache Poisoning in Bu - CVE-2026-23941
Request smuggling via first-wins Content-Length parsing in i
Same weakness: CWE-770
- CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42189
Russh: Pre-auth DoS via unbounded allocation in keyboard-int - CVE-2026-42793
Atom table exhaustion via attacker-controlled GraphQL SDL na - CVE-2026-44499
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Satur - CVE-2026-44500
ZEBRA: Allocation Amplification in Inbound Network Deseriali
V. Comments for CVE-2025-48041
No comments yet