CVE-2025-26618: CWE-789: Memory Allocation with Excessive Size Value in erlang otp
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries consisting of the Erlang runtime system and a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result, when multiple SSH packets (each conforming to the maximum SSH packet size) are received by ssh, they might be combined into an SFTP packet that exceeds the maximum allowed packet size and potentially causes a large amount of memory to be allocated. Note that the situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.
AI Analysis
Technical Summary
CVE-2025-26618 is a vulnerability classified under CWE-789 (Memory Allocation with Excessive Size Value) found in the Erlang OTP platform, specifically within its SSH server implementation handling SFTP packets. Erlang OTP is widely used for building scalable, high-availability systems, and its SSH server component processes incoming SSH packets, including those for SFTP operations. The vulnerability occurs because the system fails to properly validate the size of SFTP packets formed by concatenating multiple SSH packets, each conforming to the maximum SSH packet size. When these packets are combined, the resulting SFTP packet can exceed the maximum allowed size, leading the system to allocate an excessive amount of memory. This unchecked allocation can cause resource exhaustion, potentially resulting in denial of service (DoS) conditions. Exploitation requires an attacker to be a successfully authenticated user post-SSH handshake, meaning the attacker must have valid credentials or access tokens. No user interaction beyond authentication is necessary. The vulnerability affects OTP versions starting from 25.0 up to but not including 25.3.2.18, 26.0.0.0 up to 26.2.5.9, and 27.0.0 up to 27.2.4. The issue has been addressed in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. No known exploits have been reported in the wild, and no workarounds exist, emphasizing the importance of applying official patches. The CVSS v4.0 score is 7.0 (high severity), reflecting network attack vector, high privileges required, and high impact on availability due to potential memory exhaustion. This vulnerability poses a significant risk to systems relying on Erlang OTP's SSH server for SFTP file transfers, especially in environments requiring high availability and robust security.
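As an added illustration (not code from OTP, the advisory, or the fix), a Python sketch of the reassembly step the description refers to: an SFTP packet carries its own uint32 length and may span several SSH channel-data chunks, so the point at which that length is trusted decides how much memory a peer can make the server buffer. The MAX_SFTP_PACKET limit, the SftpReassembler class and the sample data are constructed for this example.

```python
import struct

# Constructed limit for this example (not OTP's value): the largest SFTP packet
# the reassembler is willing to buffer before it holds the whole packet.
MAX_SFTP_PACKET = 256 * 1024
SSH_FXP_INIT = 1  # SFTP packet type from draft-ietf-secsh-filexfer


def build_sftp_packet(ptype: int, payload: bytes) -> bytes:
    """Encode an SFTP packet as uint32 length || byte type || payload."""
    return struct.pack(">IB", 1 + len(payload), ptype) + payload


def ssh_chunks(data: bytes, max_ssh_payload: int):
    """Split a byte stream into SSH channel-data payloads of bounded size.
    Every chunk is an acceptable SSH packet; only their concatenation is large."""
    return [data[i:i + max_ssh_payload] for i in range(0, len(data), max_ssh_payload)]


class SftpReassembler:
    """Rebuilds SFTP packets that arrive split across SSH channel-data chunks.
    check_declared_length=False is the CWE-789 pattern: the uint32 length is
    trusted and the buffer grows toward it chunk by chunk. With the check on,
    a header announcing more than max_packet bytes is rejected immediately."""

    def __init__(self, max_packet: int = MAX_SFTP_PACKET, check_declared_length: bool = True):
        self.max_packet, self.check_declared_length = max_packet, check_declared_length
        self.buf = bytearray()
        self.packets = []  # completed (type, payload) pairs

    def feed(self, chunk: bytes) -> None:
        self.buf += chunk
        while len(self.buf) >= 4:
            (length,) = struct.unpack(">I", self.buf[:4])
            if length < 1:  # every SFTP packet must at least carry its type byte
                raise ValueError("SFTP packet length 0 is malformed")
            if self.check_declared_length and length > self.max_packet:
                raise ValueError(f"SFTP packet length {length} exceeds limit {self.max_packet}")
            if len(self.buf) < 4 + length:
                return  # partial packet: wait for the next SSH chunk
            body = bytes(self.buf[4:4 + length])
            del self.buf[:4 + length]
            self.packets.append((body[0], body[1:]))

    def buffered(self) -> int:
        return len(self.buf)


def demo():
    """Legit split packet reassembles; a bogus 2 GiB header is buffered or rejected."""
    ok = SftpReassembler()
    for c in ssh_chunks(build_sftp_packet(SSH_FXP_INIT, struct.pack(">I", 3)), 4):
        ok.feed(c)
    bogus = struct.pack(">I", 2**31) + b"A" * 1000  # constructed oversized header
    unchecked = SftpReassembler(check_declared_length=False)
    for c in ssh_chunks(bogus, 256):
        unchecked.feed(c)  # keeps growing toward the declared 2 GiB
    try:
        SftpReassembler().feed(bogus[:256])
        rejected = False
    except ValueError:
        rejected = True
    return ok.packets, unchecked.buffered(), rejected
```

The unchecked reassembler ends the demo holding all 1004 bytes and still waiting for the rest of the declared 2 GiB, while the checked one refuses the packet on its first chunk.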
Potential Impact
For European organizations, the impact of CVE-2025-26618 can be substantial, particularly for those utilizing Erlang OTP in critical infrastructure, telecommunications, financial services, or cloud platforms where Erlang is prevalent. The vulnerability can be exploited by authenticated users to cause excessive memory allocation, leading to denial of service and potential disruption of essential services. This can degrade system availability, impact business continuity, and increase operational costs due to downtime and recovery efforts. Organizations relying on SFTP over SSH for secure file transfers may face interruptions, affecting data exchange and automated workflows. Additionally, the requirement for authenticated access means insider threats or compromised credentials could be leveraged to exploit this vulnerability. The absence of workarounds and the need for patching underscore the urgency for affected entities to update their OTP versions promptly. Failure to do so could expose European organizations to service outages and potential reputational damage, especially in sectors with stringent uptime and security requirements.
Mitigation Recommendations
1. Immediate patching: Upgrade Erlang OTP installations to versions 27.2.4, 26.2.5.9, or 25.3.2.18 or later, as these contain the fix for this vulnerability.
2. Access control: Restrict SSH access to trusted users only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of unauthorized authenticated access.
3. Monitoring and alerting: Implement monitoring for unusual memory usage patterns or SSH session anomalies that could indicate exploitation attempts.
4. Network segmentation: Isolate critical systems running Erlang OTP SSH servers to limit exposure and lateral movement in case of compromise.
5. Credential management: Regularly audit and rotate SSH credentials and keys to minimize the risk of credential compromise.
6. Incident response readiness: Prepare response plans for potential denial of service incidents related to this vulnerability, including resource scaling and failover strategies.
7. Vendor communication: Stay informed through Erlang OTP vendor advisories and security bulletins for any updates or additional mitigations.
These steps go beyond generic advice by focusing on controlling authenticated access, proactive monitoring, and operational readiness.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Ireland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-02-12T14:51:02.719Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6909153cc28fd46ded7bacaa
Added to database: 11/3/2025, 8:49:00 PM
Last enriched: 11/3/2025, 8:58:24 PM
Last updated: 11/5/2025, 11:53:22 AM