{"id":"CVE-2025-48041","summary":"SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles","details":"Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15, corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.","aliases":["EEF-CVE-2025-48041","GHSA-79c4-cvv7-4qm3"],"modified":"2026-05-21T03:54:37.372463415Z","published":"2025-09-11T08:14:20.508Z","related":["SUSE-SU-2025:3807-1","SUSE-SU-2025:4035-1","openSUSE-SU-2025:15740-1"],"database_specific":{"cwe_ids":["CWE-400","CWE-770"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48041.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"3.0.1"},{"fixed":"*"},{"introduced":"17.0"},{"fixed":"*"},{"introduced":"07b8f441ca711f9812fad9e9115bab3c3aa92f79"},{"fixed":"*"}]}],"cna_assigner":"EEF"},"references":[{"type":"WEB","url":"https://cna.erlef.org/cves/CVE-2025-48041.html"},{"type":"WEB","url":"https://github.com"},{"type":"WEB","url":"https://osv.dev/vulnerability/EEF-CVE-2025-48041"},{"type":"WEB","url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48041.json"},{"type":"ADVISORY","url":"https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48041"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"},{"type":"FIX","url":"https://github.com/erlang/otp/pull/10157"},{"type":"PACKAGE","url":"https://github.com/erlang/otp"}],"af
fected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"9e6f6742c4d9e9915ee8af0dcb7d97cf1f836116"},{"fixed":"756621cebe01ec43df61d9627380ca7e1e301c9b"}]}],"versions":["OTP-28.0","OTP-28.0.2","OTP-28.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48041.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}