CVE-2025-48039 — Allocation of Resources Without Limits or Throttling vulnerability in Erlang…

/HIGH
CVE Notify vulnerabilitycveidentity
CVE-2025-48039 — Allocation of Resources Without Limits or Throttling vulnerability in Erlang…

🚨 CVE-2025-48039 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 2

Unverified Paths can Cause Excessive Use of System Resources
cna.erlef.org

What This Means For You

  • New vulnerability disclosed — verify if your stack is exposed.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access

Indicators of Compromise

IDTypeIndicator
CVE-2025-48039 Resource Leak Erlang OTP ssh (ssh_sftp modules), affected versions OTP 17.0 to 28.0.3, OTP 27.3.4.3, 26.2.5.15; ssh versions 3.0.1 to 5.3.3, 5.2.11.3, 5.1.4.12. Vulnerable component: lib/ssh/src/ssh_sftpd.erl
CVE-2025-48039 Excessive Allocation Erlang OTP ssh (ssh_sftp modules), affected versions OTP 17.0 to 28.0.3, OTP 27.3.4.3, 26.2.5.15; ssh versions 3.0.1 to 5.3.3, 5.2.11.3, 5.1.4.12. Vulnerable component: lib/ssh/src/ssh_sftpd.erl
🔎
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot →
Source & Attribution
Source PlatformTelegram
ChannelCVE Notify
PublishedApril 06, 2026 at 20:26 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

BookingPress Pro Plugin: Critical RCE via Unauthenticated File Upload

CVE-2026-6960 — The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-434
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-22678 — The Email Template Description Field Of The System And Serve Cross-Site Scripting (XSS)

CVE-2026-22678 — Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /5.4 /⚑ 2 IOCs /⚙ 3 Sigma

LiteLLM Privilege Escalation: User Role Manipulation Grants Admin Access (CVE-2026-47102)

CVE-2026-47102 — LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to...

vulnerabilityCVEhigh-severitycwe-863
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 3 IOCs /⚙ 2 Sigma