Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-4748

Summary
Assigner-EEF
Assigner Org ID-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At-16 Jun, 2025 | 11:00
Updated At-04 Jul, 2025 | 09:07
Rejected At-
Credits

Absolute path traversal in zip:unzip/1,2

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:EEF
Assigner Org ID:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:16 Jun, 2025 | 11:00
Updated At:04 Jul, 2025 | 09:07
Rejected At:
▼CVE Numbering Authority (CNA)
Absolute path traversal in zip:unzip/1,2

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Affected Products
Vendor
Erlang
Product
OTP
Repo
https://github.com/erlang/otp
Modules
  • stdlib
Program Files
  • lib/stdlib/src/zip.erl
Program Routines
  • zip:unzip/1
  • zip:unzip/2
  • zip:extract/1
  • zip:extract/2
Default Status
unknown
Versions
Affected
  • From pkg:otp/stdlib@2.0 before pkg:otp/stdlib@* (purl)
    • -> unaffectedfrompkg:otp/stdlib@7.0.1
    • -> unaffectedfrompkg:otp/stdlib@6.2.2.1
    • -> unaffectedfrompkg:otp/stdlib@5.2.3.4
  • From 17.0 before * (otp)
    • -> unaffectedfrom28.0.1
    • -> unaffectedfrom27.3.4.1
    • -> unaffectedfrom26.2.5.13
  • From 07b8f441ca711f9812fad9e9115bab3c3aa92f79 before * (git)
    • -> unaffectedfromd9454dbccbaaad4b8796095c8e653b71b066dfaf
    • -> unaffectedfrom9b7b5431260e05a16eec3ecd530a232d0995d932
    • -> unaffectedfrom0ac548b57c0491196c27e39518b5f6acf9326c1e
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-597CAPEC-597 Absolute Path Traversal
CAPEC-165CAPEC-165 File Manipulation
CAPEC ID: CAPEC-597
Description: CAPEC-597 Absolute Path Traversal
CAPEC ID: CAPEC-165
Description: CAPEC-165 File Manipulation
Solutions
Configurations
Workarounds

You can use zip:list_dir/1 on the archive and verify that no files contain absolute paths before extracting the archive to disk.

Exploits
Credits
finder
Wander Nauta
remediation developer
Lukas Backström
remediation reviewer
Björn Gustavsson
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
vendor-advisory
https://www.erlang.org/doc/system/versions.html#order-of-versions
x_version-scheme
https://github.com/erlang/otp/pull/9941
patch
https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f
patch
https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f
patch
https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5
patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
Resource:
vendor-advisory
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Resource:
x_version-scheme
Hyperlink: https://github.com/erlang/otp/pull/9941
Resource:
patch
Hyperlink: https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f
Resource:
patch
Hyperlink: https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f
Resource:
patch
Hyperlink: https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/06/16/5
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/16/5
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:16 Jun, 2025 | 11:15
Updated At:04 Jul, 2025 | 10:15

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondary6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE ID: CWE-22
Type: Secondary
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a56b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/erlang/otp/pull/99416b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
https://www.erlang.org/doc/system/versions.html#order-of-versions6b3ad84c-e1a6-4bf7-a703-f496b71e49db
N/A
http://www.openwall.com/lists/oss-security/2025/06/16/5af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/erlang/otp/pull/9941
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/06/16/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found