vulnerability

Debian: CVE-2025-4748: erlang -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:N/I:C/A:C)	Jun 16, 2025	Jun 18, 2025	Nov 26, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:C)

Published

Jun 16, 2025

Added

Jun 18, 2025

Modified

Nov 26, 2025

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.

This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Solutions

debian-upgrade-erlangno-fix-debian-deb-package

References

CVE-2025-4748
https://attackerkb.com/topics/CVE-2025-4748
CWE-22
DEBIAN-DLA-4376-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today