{"id":"AZL-64068","summary":"CVE-2025-4748 affecting package erlang for versions less than 25.3.2.21-2","details":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.","modified":"2026-04-01T05:20:15.272874Z","published":"2025-06-16T11:15:18Z","upstream":["CVE-2025-4748"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4748"}],"affected":[{"package":{"name":"erlang","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/erlang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.3.2.21-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64068.json"}}],"schema_version":"1.7.5"}