216.73.216.86

CVE-2025-4748

· Published 16/06/2025 11:15 · Modified 16/06/2025 20:15

Labels: CVE-2025-4748 2025-06-166b3ad84c-e1a6-4bf7-a703-f496b71e49dbCVE-2025-4748CWE-22

Essential information

Published
16/06/2025 11:15
Modified
16/06/2025 20:15
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
6b3ad84c-e1a6-4bf7-a703-f496b71e49db
NVD
View on NVD

Affected products (CPE)

ProductCPE
erlang / otp cpe:2.3:a:erlang:otp:17.0-28.0.1:*:*:*:*:*:*:*
erlang / otp cpe:2.3:a:erlang:otp:27.3.4.1:*:*:*:*:*:*:*
erlang / otp cpe:2.3:a:erlang:otp:26.2.5.13:*:*:*:*:*:*:*
erlang / stdlib cpe:2.3:a:erlang:stdlib:2.0-7.0.1:*:*:*:*:*:*:*
erlang / stdlib cpe:2.3:a:erlang:stdlib:6.2.2.1:*:*:*:*:*:*:*
erlang / stdlib cpe:2.3:a:erlang:stdlib:5.2.3.4:*:*:*:*:*:*:*

References