{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-48041", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "state": "PUBLISHED", "assignerShortName": "EEF", "dateReserved": "2025-05-15T08:40:25.455Z", "datePublished": "2025-09-11T08:14:20.508Z", "dateUpdated": "2026-04-07T14:38:02.322Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["ssh_sftp"], "packageName": "ssh", "packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "product": "OTP", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "5.3.3", "status": "unaffected"}, {"at": "5.2.11.3", "status": "unaffected"}, {"at": "5.1.4.12", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "3.0.1", "versionType": "otp"}]}, {"collectionURL": "https://github.com", "cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "modules": ["ssh_sftp"], "packageName": "erlang/otp", "packageURL": "pkg:github/erlang/otp", "product": "OTP", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "versions": [{"changes": [{"at": "28.0.3", "status": "unaffected"}, {"at": "27.3.4.3", "status": "unaffected"}, {"at": "26.2.5.15", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "17.0", "versionType": "otp"}, {"changes": [{"at": "5f9af63eec4657a37663828d206517828cb9f288", "status": "unaffected"}, {"at": "d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "versionType": "git"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SFTP subsystem must be enabled on the SSH server and the SSH port must be reachable by the attacker. SFTP is enabled by default unless explicitly disabled by setting <tt>{subsystems, []}</tt> in the SSH daemon configuration."}], "value": "The SFTP subsystem must be enabled on the SSH server and the SSH port must be reachable by the attacker. SFTP is enabled by default unless explicitly disabled by setting {subsystems, []} in the SSH daemon configuration."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2.5.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "27.3.4.3", "versionStartIncluding": "27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "28.0.3", "versionStartIncluding": "28.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "credits": [{"lang": "en", "type": "remediation developer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation reviewer", "value": "Ingela Andin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.<p> This vulnerability is associated with program files <tt>lib/ssh/src/ssh_sftpd.erl</tt>.</p><p>This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.</p>"}], "value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}, {"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-07T14:38:02.322Z"}, "references": [{"tags": ["vendor-advisory", "related"], "url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"}, {"tags": ["related"], "url": "https://cna.erlef.org/cves/CVE-2025-48041.html"}, {"tags": ["related"], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48041"}, {"tags": ["x_version-scheme"], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/pull/10157"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"}, {"tags": ["patch"], "url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"}], "source": {"discovery": "INTERNAL"}, "title": "SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>disabling SFTP<tt></tt></li><li>limiting number of <tt>max_sessions</tt> allowed for <tt>sshd</tt>, so exploiting becomes more complicated</li></ul>"}], "value": "* disabling SFTP\n * limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:30:20.449625Z", "id": "CVE-2025-48041", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:36:24.389Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48041", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T13:30:20.449625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:30:22.815Z"}}], "cna": {"title": "SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "remediation developer", "value": "Jakub Witczak"}, {"lang": "en", "type": "remediation reviewer", "value": "Ingela Andin"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}, {"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["ssh_sftp"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "5.3.3", "status": "unaffected"}, {"at": "5.2.11.3", "status": "unaffected"}, {"at": "5.1.4.12", "status": "unaffected"}], "version": "3.0.1", "lessThan": "*", "versionType": "otp"}], "packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git", "packageName": "ssh", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"], "repo": "https://github.com/erlang/otp", "vendor": "Erlang", "modules": ["ssh_sftp"], "product": "OTP", "versions": [{"status": "affected", "changes": [{"at": "28.0.3", "status": "unaffected"}, {"at": "27.3.4.3", "status": "unaffected"}, {"at": "26.2.5.15", "status": "unaffected"}], "version": "17.0", "lessThan": "*", "versionType": "otp"}, {"status": "affected", "changes": [{"at": "5f9af63eec4657a37663828d206517828cb9f288", "status": "unaffected"}, {"at": "d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401", "status": "unaffected"}], "version": "07b8f441ca711f9812fad9e9115bab3c3aa92f79", "lessThan": "*", "versionType": "git"}], "packageURL": "pkg:github/erlang/otp", "packageName": "erlang/otp", "programFiles": ["lib/ssh/src/ssh_sftpd.erl"], "collectionURL": "https://github.com", "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3", "tags": ["vendor-advisory", "related"]}, {"url": "https://cna.erlef.org/cves/CVE-2025-48041.html", "tags": ["related"]}, {"url": "https://osv.dev/vulnerability/EEF-CVE-2025-48041", "tags": ["related"]}, {"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "tags": ["x_version-scheme"]}, {"url": "https://github.com/erlang/otp/pull/10157", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288", "tags": ["patch"]}, {"url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "* disabling SFTP\n * limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated", "supportingMedia": [{"type": "text/html", "value": "<ul><li>disabling SFTP<tt></tt></li><li>limiting number of <tt>max_sessions</tt> allowed for <tt>sshd</tt>, so exploiting becomes more complicated</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "supportingMedia": [{"type": "text/html", "value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.<p> This vulnerability is associated with program files <tt>lib/ssh/src/ssh_sftpd.erl</tt>.</p><p>This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "configurations": [{"lang": "en", "value": "The SFTP subsystem must be enabled on the SSH server and the SSH port must be reachable by the attacker. SFTP is enabled by default unless explicitly disabled by setting {subsystems, []} in the SSH daemon configuration.", "supportingMedia": [{"type": "text/html", "value": "The SFTP subsystem must be enabled on the SSH server and the SSH port must be reachable by the attacker. SFTP is enabled by default unless explicitly disabled by setting <tt>{subsystems, []}</tt> in the SSH daemon configuration.", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.2.5.15"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "27.3.4.3", "versionStartIncluding": "27.0"}, {"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "28.0.3", "versionStartIncluding": "28.0"}], "operator": "OR"}], "operator": "AND"}], "providerMetadata": {"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-04-07T14:38:02.322Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48041", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:38:02.322Z", "dateReserved": "2025-05-15T08:40:25.455Z", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "datePublished": "2025-09-11T08:14:20.508Z", "assignerShortName": "EEF"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12."}], "id": "CVE-2025-48041", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}, "published": "2025-09-11T09:15:34.603", "references": [{"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://cna.erlef.org/cves/CVE-2025-48041.html"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/pull/10157"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48041"}, {"source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"}], "sourceIdentifier": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}], "source": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "type": "Secondary"}]}

{"bugzilla": {"description": "erlang: Erlang Exhaustion of File Handles", "id": "2394520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394520"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-400|CWE-770)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-48041", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "erlang", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-09-11T08:14:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48041\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48041\nhttps://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288\nhttps://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401\nhttps://github.com/erlang/otp/pull/10157\nhttps://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3\nhttps://www.erlang.org/doc/system/versions.html#order-of-versions"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-28T00:22:38.115483+00:00", "value": {"mitigation_remediation": ["Disable SFTP in the Erlang OTP sshd configuration to eliminate the vulnerable operation.", "Configure the sshd max_sessions parameter to limit concurrent SFTP sessions, reducing the potential for file handle exhaustion.", "Monitor system resource usage for abnormal file handle counts and apply any future patches once they become available."], "summary": {"action": "Apply Workaround", "impact": "Resource exhaustion via uncontrolled file handle allocation"}, "threat_synthesis": {"affected_systems": "Affected installations include Erlang OTP from version 17.0 through OTP 28.0.3, OTP 27.3.4.3 and OTP 26.2.5.15. The corresponding SSH modules are available in OTP from 3.0.1 to 5.3.3, 5.2.11.3 and 5.1.4.12. Users running the OTP sshd with the SFTP server component on any of these releases are at risk, particularly those exposing SFTP services to untrusted or authenticated clients.", "description_and_impact": "The vulnerability arises from the lack of resource limits in the Erlang OTP SSH server\u2019s SFTP implementation. When an authenticated client issues repeated SSH_FXP_OPENDIR operations the program grows internal data structures without throttling, eventually exhausting the number of open file handles. This leads to denial\u2011of\u2011service of the SFTP service and may impact overall system availability if the ssh_sftpd process becomes unable to open new files. The weakness corresponds to resource\u2011exhaustion attacks (CWE\u2011400) and excessive allocation of system resources (CWE\u2011770).", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high impact vulnerability, while the EPSS score is below 1%, implying a low practical exploitation probability. Although the CVE description does not explicitly state authentication prerequisites, it is inferred that the attack would require access to an SFTP session because the vulnerability resides in the SSH_SFTP module that is only reachable after authentication. An attacker could repeatedly issue SSH_FXP_OPENDIR requests, causing the OTP sshd process to open many file handles until the system exhausts resources. The vulnerability is not listed in CISA KEV. Mitigation can be achieved by disabling or limiting SFTP usage; without an official patch the risk remains until a fixed OTP version is released."}}}}, "created": "2026-04-28T00:30:15.457932+00:00", "updated": "2026-04-28T00:30:15.457944+00:00", "vendors": []}