CVE-2025-4748 in erlang | CVE-2025-4748

Q: How to fix?

There is no fixed version for Debian:13 erlang .

Threat Intelligence

0.02% (5^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIAN13-ERLANG-10363153
published17 Jun 2025
disclosed16 Jun 2025

Report a new vulnerability Found a mistake?

Introduced: 16 Jun 2025

NewCVE-2025-4748 (opens in a new tab)

How to fix?

There is no fixed version for Debian:13 erlang.

NVD Description

Note: Versions mentioned in the description apply only to the upstream erlang package and not the erlang package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.

This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

CVE-2025-4748 Affecting erlang package, versions *

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 16 Jun 2025

How to fix?

NVD Description

References