CVE-2025-48041: 
Erlang OTP vulnerability analysis and mitigation

A vulnerability in Erlang OTP's SSH SFTP module (CVE-2025-48041) affects the handling of SSHFXPOPENDIR operations. The vulnerability exists in OTP versions from 17.0 up to 28.0.3, 27.3.4.3, and 26.2.5.15, corresponding to SSH versions from 3.0.1 up to 5.3.3, 5.2.11.3, and 5.1.4.12. The issue was disclosed on September 11, 2025 (GitHub Advisory).

The vulnerability stems from improper resource allocation control in the SSH SFTP module. While the SSHFXPOPENDIR operation doesn't allocate OS-level file handles, it creates file handles within the Erlang VM without proper limitations. This bypasses operating system-level restrictions on file handle allocation. The vulnerability has been assigned a CVSS v4 base score of 7.1 (High), with attack vector being Network, attack complexity Low, and requiring Low privileges with No user interaction (GitHub Advisory).

The primary impact of this vulnerability is on system availability. Since OS-level limitations are bypassed, the list of file handles can grow unconstrained within the Erlang VM, potentially leading to resource exhaustion that could affect overall system stability. This is specifically a server-side vulnerability that could result in degraded performance or system unavailability (GitHub Advisory).

Two primary mitigation strategies are available: 1) Upgrade to the patched versions (OTP 28.0.3, 27.3.4.3, or 26.2.5.15, or their corresponding SSH versions 5.3.3, 5.2.11.3, or 5.1.4.12), 2) As a temporary workaround, limit the number of maxsessions allowed for sshd to make exploitation more complicated. The vulnerability has been patched by implementing a maxhandles option with a default value of 1000 (GitHub Advisory, GitHub Commit).