{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-48040", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "state": "PUBLISHED", "assignerShortName": "EEF", "dateReserved": "2025-05-15T08:40:25.455Z", "datePublished": "2025-09-11T08:14:19.671Z", "dateUpdated": "2026-04-06T16:44:01.688Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["ssh_sftp"], "packageName": "ssh", "packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "product": "OTP", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "5.3.3", "status": "unaffected"}, {"at": "5.2.11.3", "status": "unaffected"}, {"at": "5.1.4.12", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "3.0.1", "versionType": "otp"}]}, {"collectionURL": "https://github.com", "cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["ssh_sftp"], "packageName": "erlang/otp", "packageURL": "pkg:github/erlang/otp", "product": "OTP", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "28.0.3", "status": "unaffected"}, {"at": "27.3.4.3", "status": "unaffected"}, {"at": "26.2.5.15", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "17.0", "versionType": "otp"}, {"changes": [{"at": "7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a", "status": "unaffected"}, {"at": "548f1295d86d0803da884db8685cc16d461d0d5a", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "versionType": "git"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2.5.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "27.3.4.3", "versionStartIncluding": "27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "28.0.3", "versionStartIncluding": "28.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "credits": [{"lang": "en", "type": "remediation developer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation reviewer", "value": "Ingela Andin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.<p> This vulnerability is associated with program files <tt>lib/ssh/src/ssh_sftpd.erl</tt>.</p><p>This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.</p>"}], "value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}, {"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-06T16:44:01.688Z"}, "references": [{"tags": ["vendor-advisory", "related"], "url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph"}, {"tags": ["related"], "url": "https://cna.erlef.org/cves/CVE-2025-48040.html"}, {"tags": ["related"], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48040"}, {"tags": ["x_version-scheme"], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/pull/10162"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a"}], "source": {"discovery": "INTERNAL"}, "title": "Malicious Key Exchange Messages may Lead to Excessive Resource Consumption", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>set option <tt>parallel_login</tt> to <tt>false</tt></li><li>reduce <tt>max_sessions</tt> option</li></ul>"}], "value": "* set option parallel_login to false\n * reduce max_sessions option"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:30:33.529743Z", "id": "CVE-2025-48040", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:36:29.640Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T13:30:33.529743Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:30:37.281Z"}}], "cna": {"title": "Malicious Key Exchange Messages may Lead to Excessive Resource Consumption", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "remediation developer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation reviewer", "value": "Ingela Andin"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}, {"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["ssh_sftp"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "5.3.3", "status": "unaffected"}, {"at": "5.2.11.3", "status": "unaffected"}, {"at": "5.1.4.12", "status": "unaffected"}], "version": "3.0.1", "lessThan": "*", "versionType": "otp"}], "packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "packageName": "ssh", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["ssh_sftp"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "28.0.3", "status": "unaffected"}, {"at": "27.3.4.3", "status": "unaffected"}, {"at": "26.2.5.15", "status": "unaffected"}], "version": "17.0", "lessThan": "*", "versionType": "otp"}, {"status": "affected", "changes": [{"at": "7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a", "status": "unaffected"}, {"at": "548f1295d86d0803da884db8685cc16d461d0d5a", "status": "unaffected"}], "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "lessThan": "*", "versionType": "git"}], "packageURL": "pkg:github/erlang/otp", "packageName": "erlang/otp", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "collectionURL": "https://github.com", "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph", "tags": ["vendor-advisory", "related"]}, {"url": "https://cna.erlef.org/cves/CVE-2025-48040.html", "tags": ["related"]}, {"url": "https://osv.dev/vulnerability/EEF-CVE-2025-48040", "tags": ["related"]}, {"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "tags": ["x_version-scheme"]}, {"url": "https://github.com/erlang/otp/pull/10162", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "* set option parallel_login to false\n * reduce max_sessions option", "supportingMedia": [{"type": "text/html", "value": "<ul><li>set option <tt>parallel_login</tt> to <tt>false</tt></li><li>reduce <tt>max_sessions</tt> option</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "supportingMedia": [{"type": "text/html", "value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.<p> This vulnerability is associated with program files <tt>lib/ssh/src/ssh_sftpd.erl</tt>.</p><p>This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.5.15"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "27.3.4.3", "versionStartIncluding": "27.0"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "28.0.3", "versionStartIncluding": "28.0"}], "operator": "OR"}], "operator": "AND"}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-06T16:44:01.688Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48040", "state": "PUBLISHED", "dateUpdated": "2026-04-06T16:44:01.688Z", "dateReserved": "2025-05-15T08:40:25.455Z", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "datePublished": "2025-09-11T08:14:19.671Z", "assignerShortName": "EEF"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."}], "id": "CVE-2025-48040", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}, "published": "2025-09-11T09:15:34.400", "references": [{"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://cna.erlef.org/cves/CVE-2025-48040.html"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/pull/10162"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48040"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}], "sourceIdentifier": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}], "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}

{"bugzilla": {"description": "erlang: Erlang Excessive Resource Consumption", "id": "2394521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394521"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-400|CWE-770)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-48040", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-09-11T08:14:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48040\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48040\nhttps://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a\nhttps://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a\nhttps://github.com/erlang/otp/pull/10162\nhttps://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph\nhttps://www.erlang.org/doc/system/versions.html#order-of-versions"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-22T22:13:01.198836+00:00", "value": {"mitigation_remediation": ["Upgrade Erlang/OTP to the latest release where the ssh_sftpd resource\u2011management issue has been fixed.", "Configure the SSH daemon by setting the parallel_login option to false to prevent concurrent authentication attempts.", "Reduce the max_sessions setting to limit the number of simultaneous SSH sessions a user can open."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw is present in Erlang/OTP releases from version 17.0 up to and including 28.0.3, as well as 27.3.4.3 and 26.2.5.15. The issue resides in the ssh_sftpd module (lib/ssh/src/ssh_sftpd.erl) and affects SSH/SFTP servers using OTP\u2011provided SSH binaries from 3.0.1 through 5.3.3, 5.2.11.3, and 5.1.4.12.", "description_and_impact": "Uncontrolled resource consumption is possible in the Erlang OTP SSH SFTP daemon when a malicious client sends specially crafted key\u2011exchange messages. The vulnerability causes the server to allocate excessive memory or other resources, leading to flooding and eventual denial of service. It aligns with CWE\u2011400 and CWE\u2011770 weaknesses.", "risk_and_exploitability": "The CVSS base score of 6.9 denotes moderate severity, while the EPSS score of less than 1\u202f% suggests a low probability of exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. Nevertheless, an attacker could exploit the weakness from the network by initiating an SSH connection and super\u2011regularly demanding key\u2011exchange, thereby stressing the target\u2019s resources. The recommended approach is to apply a vendor patch or upgrade, as the official fixes are available in newer OTP releases; in the interim, disabling parallel logins and lowering max_sessions reduces potential impact."}}}}, "created": "2025-09-12T08:03:09.672689+00:00", "updated": "2026-04-22T22:15:26.359188+00:00", "vendors": ["erlang", "erlang$PRODUCT$otp"]}