Path Traversal in Erlang OTP

CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/s…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (59.4th percentile)

Affected products

  • Erlang OTP — versions 2.0, 17.0, 07b8f441ca711f9812fad9e9115bab3c3aa92f79

Frequently asked questions

What is CVE-2025-4748?
CVE-2025-4748 is a vulnerability in Erlang OTP, classified under Path Traversal. Published 2025-06-16.

Is CVE-2025-4748 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.