Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

CVE-2025-48038 | Mondoo Vulnerability Intelligence

CVE-2025-48038

MEDIUM5.3

Unverified File Handles can Cause Excessive Use of System Resources

Published Sep 11, 2025

Modified 4 months ago

No fix available

Details

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.

This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.

References

FIXhttps://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a FIXhttps://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f FIXhttps://github.com/erlang/otp/pull/10156 ADVISORYhttps://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-48038 WEBhttps://www.erlang.org/doc/system/versions.html#order-of-versions

CVSS Analysis

CVSS v4.0

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

LowVA:L

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.3/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Weakness Type (CWE)

Resource Management

CWE-400

Resource Exhaustion

CWE-770

Allocation without Limits

Ecosystems

Timeline

PublishedSep 11, 2025

ModifiedSep 12, 2025