CVE-2025-48041 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

EEF-CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Summary Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15...

CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVE-2025-48039

CVE-2025-48039 affects Erlang OTP ssh_sftp module (lib/ssh/src/ssh_sftpd.erl) and can cause excessive resource consumption due to unverified paths from authenticated SFTP users. Public disclosures link multiple Linux distro advisories updating Erlang (e.g., openSUSE/SUSE SUSE-SU-2026:20043-1, SUS...

CVE-2025-48039 Unverified Paths can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVE-2025-48038

CVE-2025-48038 affects Erlang OTP ssh (ssh_sftpd) with Allocation of Resources Without Limits or Throttling, causing excessive resource consumption. The issue is present across multiple OTP/erlang SSH versions (as detailed in the CVE entry) and is being addressed through vendor advisories and sec...

EEF-CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources

Summary Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OT...

CVE-2025-48038

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

PT-2025-37162

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 through 27.3.4.3 Erlang OTP versions 27.3.4.3 Erlang OTP versions 28.0.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3 Description An Allocati...

PT-2025-37164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 Erlang OTP versions 27.3.4.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3 Description An uncontrolled resource consumption issue exists in...

PT-2025-37163

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 through 27.3.4.3 Erlang OTP versions 27.3.4.3 Erlang OTP versions 28.0.3 ssh versions 3.0.1 through 5.3.3 ssh versions 5.1.4.12 ssh versions 5.2.11.3 Description An Allocati...

Erlang/OTP 安全漏洞

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions 17.0 through 28.0.3, 27.3.4.3, and 26.2.5.15, which stems from...

Erlang/OTP (Erlang OTP) Multiple Vulnerabilities (Sep 2025) - Windows

Erlang/OTP Erlang OTP is prone to multiple vulnerabilities in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-20159

A vulnerability in the management interface access control list ACL processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

CVE-2025-20159 Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

A vulnerability in the management interface access control list ACL processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

A vulnerability in the management interface access control list ACL processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

PT-2025-37063

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the management interface access control list ACL processing feature could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH,...