vulnerability

Debian: CVE-2025-4748: erlang -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:P/A:P)

Published

Jun 16, 2025

Added

Jun 18, 2025

Modified

Mar 30, 2026

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.

This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Solution

debian-upgrade-erlang

References

CVE-2025-4748
https://attackerkb.com/topics/CVE-2025-4748
CWE-22
DEBIAN-DLA-4376-1
EUVD-EUVD-2025-18414
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-18414

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report