Description
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.

This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15, corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Published: 2025-09-11
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Resource exhaustion via uncontrolled file handle allocation
Action: Apply Workaround
AI Analysis

Impact

The vulnerability arises from a lack of resource limits in the SFTP server (ssh_sftpd) of the Erlang/OTP ssh application. When an authenticated client issues repeated SSH_FXP_OPENDIR requests, ssh_sftpd allocates a new handle for each one with no upper bound and no throttling, eventually exhausting the available file handles. The result is a denial of service of the SFTP service. Because an Erlang node runs as a single OS process with one file-descriptor table, exhausting handles there can also degrade any other service hosted in the same node once it can no longer open files. The weakness corresponds to uncontrolled resource consumption (CWE-400) and allocation of resources without limits or throttling (CWE-770).

Affected Systems

Affected installations run Erlang/OTP from version 17.0 up to the fixed releases OTP 28.0.3, OTP 27.3.4.3 and OTP 26.2.5.15; in terms of the ssh application this is versions 3.0.1 up to 5.3.3, 5.2.11.3 and 5.1.4.12. Any deployment that starts the OTP ssh daemon with the SFTP subsystem enabled (the daemon's default subsystem list includes ssh_sftpd) is at risk, particularly where authenticated but untrusted clients can reach it.

Risk and Exploitability

The CVSS 4.0 score of 7.1 (High) reflects a high availability impact; the CVSS 3.1 vector recorded in the history rates the same issue 4.3 (Medium), and Red Hat rates it Moderate. Both vectors carry PR:L and UI:N: the attacker needs an authenticated SSH session but no user interaction, which matches the location of the flaw in ssh_sftpd, a subsystem reachable only after authentication. From such a session an attacker repeatedly issues SSH_FXP_OPENDIR requests and the daemon keeps allocating handles until resources run out. The EPSS score is below 1%, the SSVC assessment records no known exploitation and rates the attack as not automatable, and the vulnerability is not listed in CISA KEV. Fixed releases exist (the upper bounds named in the description; Debian ships a fix as DLA-4376-1), so upgrading is the remediation; disabling SFTP or capping max_sessions are interim workarounds until the upgrade is done.

Generated by OpenCVE AI on April 28, 2026 at 00:22 UTC.

Remediation

Vendor Workaround

* disabling SFTP
* limiting number of max_sessions allowed for sshd, so exploiting becomes more complicated


OpenCVE Recommended Actions

  • Upgrade to a fixed release (OTP 28.0.3, 27.3.4.3 or 26.2.5.15, or on Debian the erlang package from DLA-4376-1); this removes the issue rather than working around it.
  • Until the upgrade is in place, disable SFTP in the Erlang OTP ssh daemon configuration (an empty subsystems list) to eliminate the vulnerable code path.
  • If SFTP must stay enabled, set the daemon's max_sessions option to cap concurrent sessions. This limits how many sessions an attacker can spread handle allocation across, but does not bound handles within a single session.
  • Monitor the file handle count of the Erlang VM process for abnormal growth, since handle exhaustion affects everything running in that node.
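The two workarounds above, written out as ssh:daemon/2 option lists next to the exposed default. This is an added example for this page, not code from the OTP project or from the advisory; the host-key and user directories, the /srv/sftp root, the 10-session cap and the 60 s idle timeout are placeholder values.

```erlang
%% Added example (not from OTP or the advisory): the advisory's two daemon-side
%% workarounds as ssh:daemon/2 option lists, next to the exposed default.
-module(sftp_hardening).
-export([exposed_opts/2, no_sftp_opts/2, capped_opts/3, start_capped/3]).

%% Exposed baseline: no `subsystems` option, so the daemon keeps the default
%% list, which is [ssh_sftpd:subsystem_spec([])]. SFTP is on, there is no
%% session cap, and on an unfixed release an authenticated client can keep
%% allocating directory handles with SSH_FXP_OPENDIR.
exposed_opts(SystemDir, UserDir) ->
    [{system_dir, SystemDir},   % host keys (placeholder path supplied by caller)
     {user_dir, UserDir}].      % authorized_keys (placeholder path)

%% Workaround 1: disable SFTP. With an empty `subsystems` list the daemon
%% has no "sftp" subsystem to start, so ssh_sftpd never runs.
no_sftp_opts(SystemDir, UserDir) ->
    [{system_dir, SystemDir},
     {user_dir, UserDir},
     {subsystems, []}].

%% Workaround 2: keep SFTP but bound what one client can do. `max_sessions`
%% caps simultaneous sessions accepted by this daemon (including connections
%% still authenticating), so an attacker cannot multiply handle consumption
%% across many connections. It does not bound handles inside one session,
%% which is why the vendor calls this a complication rather than a fix.
%% `idle_time` closes connections that go quiet. The /srv/sftp root is an
%% assumed base directory for the SFTP tree.
capped_opts(SystemDir, UserDir, MaxSessions) ->
    [{system_dir, SystemDir},
     {user_dir, UserDir},
     {subsystems, [ssh_sftpd:subsystem_spec([{root, "/srv/sftp"}])]},
     {max_sessions, MaxSessions},
     {idle_time, 60000}].

%% Start a capped daemon on Port; returns {ok, DaemonRef} | {error, Reason}.
%% Example (values are placeholders):
%%   sftp_hardening:start_capped(2222, "/etc/ssh-erl", "/etc/ssh-erl/users").
start_capped(Port, SystemDir, UserDir) ->
    {ok, _Started} = application:ensure_all_started(ssh),
    ssh:daemon(Port, capped_opts(SystemDir, UserDir, 10)).
```

Swap `capped_opts/3` for `no_sftp_opts/2` in `start_capped/3` to take the stricter workaround; in either case the option lists are only a stopgap, and the daemon should be moved to a fixed OTP release.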

Generated by OpenCVE AI on April 28, 2026 at 00:22 UTC.


Advisories
Source      ID               Title
Debian DLA  DLA-4376-1       erlang security update
EUVD        EUVD-2025-27676  Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
History

Mon, 06 Apr 2026 16:45:00 +0000


Fri, 12 Sep 2025 12:15:00 +0000

Type: References (no values shown)
Type: Metrics
  Values Removed: threat_severity: None
  Values Added: cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}; threat_severity: Moderate


Thu, 11 Sep 2025 15:15:00 +0000

Type: Metrics
  Values Added: ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Sep 2025 08:30:00 +0000

Type: Description
  Values Added: Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Type: Title
  Values Added: SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Type: First Time appeared
  Values Added: Erlang; Erlang erlang/otp
Type: Weaknesses
  Values Added: CWE-400; CWE-770
Type: CPEs
  Values Added: cpe:2.3:a:erlang:erlang/otp:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Erlang; Erlang erlang/otp
Type: References (no values shown)
Type: Metrics
  Values Added: cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-04-07T14:38:02.322Z

Reserved: 2025-05-15T08:40:25.455Z

Link: CVE-2025-48041

Vulnrichment

Updated: 2025-09-11T13:30:22.815Z

NVD

Status : Deferred

Published: 2025-09-11T09:15:34.603

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-48041

Redhat

Severity : Moderate

Public Date: 2025-09-11T08:14:20Z

Links: CVE-2025-48041 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T00:30:15Z

Weaknesses