Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows absolute path traversal and file manipulation. The vulnerability is in the program file lib/stdlib/src/zip.erl and the routines zip:unzip/1, zip:unzip/2, zip:extract/1 and zip:extract/2, which are affected unless the memory option is passed (with the memory option the archive contents are returned to the caller instead of being written to disk). This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
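Added example (not code from the OTP project or the advisory): a wrapper for callers on an affected stdlib that validates every entry name with zip:list_dir/1, then extracts with the memory option named above and writes the files itself under a chosen directory. The module name safe_unzip and the function names are assumptions; upgrading to a fixed release remains the primary remedy.

```erlang
-module(safe_unzip).
-export([extract/2, safe_name/1]).
-include_lib("stdlib/include/zip.hrl").

%% An entry name is accepted only if it is relative, contains no ".."
%% component and no backslash (which filename:split/1 would not treat
%% as a separator on Unix), and is not empty.
safe_name(Name) when is_list(Name) ->
    case filename:pathtype(Name) of
        relative ->
            Parts = filename:split(Name),
            Parts =/= []
                andalso not lists:member("..", Parts)
                andalso not lists:member($\\, Name);
        _ ->
            false   %% absolute or volume-relative names are rejected
    end;
safe_name(_) ->
    false.

%% Extract Archive (file name or binary) below Dest. Nothing is written
%% to disk until every entry name in the central directory has passed
%% safe_name/1; the zip module itself only ever returns data in memory.
extract(Archive, Dest) ->
    {ok, Entries} = zip:list_dir(Archive),
    Names = [N || #zip_file{name = N} <- Entries],
    case [N || N <- Names, not safe_name(N)] of
        [] ->
            {ok, Files} = zip:unzip(Archive, [memory]),
            lists:foreach(fun({Name, Bin}) -> write_entry(Dest, Name, Bin) end,
                          Files),
            ok;
        Bad ->
            {error, {unsafe_entry_names, Bad}}
    end.

%% Directory entries end in "/"; everything else is a regular file.
write_entry(Dest, Name, Bin) ->
    Path = filename:join(Dest, Name),
    case lists:last(Name) of
        $/ ->
            ok = filelib:ensure_dir(Path ++ "/");
        _ ->
            ok = filelib:ensure_dir(Path),
            ok = file:write_file(Path, Bin)
    end.
```

The same zip:list_dir/1 check can be run before an ordinary zip:unzip(Archive, [{cwd, Dest}]) call on an affected release, since the validation happens before the library touches the file system.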
CVSS breakdown (CVSS 4.0)
- Attack Vector: Local
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: Passive
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): Low
- Availability (Vulnerable System): Low
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): Low
- Availability (Subsequent System): Low
Affected products
References
- VENDOR_ADVISORY: https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
- MISC: https://cna.erlef.org/cves/CVE-2025-4748.html
- MISC: https://osv.dev/vulnerability/EEF-CVE-2025-4748
- MISC: https://www.erlang.org/doc/system/versions.html#order-of-versions
- PATCH: https://github.com/erlang/otp/pull/9941
- PATCH: https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f
- PATCH: https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f
- PATCH: https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5