CVE-2025-30211: CWE-789: Memory Allocation with Excessive Size Value in erlang otp
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limit on algorithm names (64 characters) provided in the KEX init message. A large KEX init packet may lead to inefficient processing of the error data; as a result, a large amount of memory is allocated to process the malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available: one may set the option `parallel_login` to `false` and/or reduce the `max_sessions` option.
AI Analysis
Technical Summary
CVE-2025-30211 is classified under CWE-789 (Memory Allocation with Excessive Size Value) and affects the SSH server in Erlang/OTP's `ssh` application in versions prior to OTP-27.3.1, 26.2.5.10, and 25.3.2.19. The issue stems from a failure to enforce the limit that RFC 4251 (section 6) places on SSH algorithm names, which must not exceed 64 characters, when parsing the name-lists carried in the SSH_MSG_KEXINIT message that opens key exchange. A crafted KEXINIT packet whose name-lists contain oversized names is not rejected up front; the implementation instead continues into its error handling for the malformed packet, processes the data inefficiently, and allocates a large amount of memory in the process. Because KEXINIT is exchanged before any authentication, the condition can be triggered by any network peer that can reach the SSH port, with no credentials or user interaction, making it a remotely exploitable denial-of-service vector. Erlang/OTP's SSH server is embedded in distributed systems, telecommunications equipment and messaging platforms, where it is commonly used to expose a management or file-transfer interface. The issue is fixed in OTP 27.3.1, 26.2.5.10 and 25.3.2.19. Until an upgrade is possible, the SSH daemon options `parallel_login` (set to `false`, which is also its default, so that only one login is handled at a time) and `max_sessions` (reduced to an explicit value, to cap concurrent sessions) limit how many such allocations can be in flight at once; neither prevents the oversized allocation for a single connection.
Potential Impact
The primary impact of CVE-2025-30211 is on availability: memory exhaustion in the Erlang node that runs the SSH daemon, leading to denial of service for that node and any application it hosts. Confidentiality and integrity are not affected. European organisations that deploy Erlang/OTP in critical infrastructure, including telecommunications providers, financial services and messaging platforms, may see service disruption if targeted, with operational downtime and potential financial loss. Because no authentication is required and the trigger is a single pre-authentication message, automated exploitation against exposed SSH ports is practical. Large deployments with many Erlang nodes exposing SSH are most at risk, and the damage is not confined to the SSH session: memory consumed by the SSH daemon is memory taken from every other process on the same Erlang node, so exhaustion can cascade into broader instability of the services that node provides.
Mitigation Recommendations
To mitigate CVE-2025-30211, upgrade Erlang/OTP to 27.3.1, 26.2.5.10 or 25.3.2.19 (or a later release on the same line), where the vulnerability is patched. Where an immediate upgrade is not feasible, apply the vendor workarounds in the SSH daemon options: ensure `parallel_login` is `false` (its default; if it has been enabled, revert it) so that only one login is processed at a time, and set `max_sessions` to an explicit, small value so that the number of simultaneous sessions, including those still in key exchange, is bounded. These workarounds limit how many oversized allocations can be in flight at once; they do not stop a single malformed KEXINIT from allocating excessively, so they reduce rather than remove the exposure. At the network level, restrict reachability of Erlang SSH daemons to management networks and rate-limit new connections per source. Because SSH_MSG_KEXINIT is sent in the clear before encryption is negotiated, a gateway or IDS can check its name-lists against the 64-character limit and drop or alert on violations. Monitor memory use of the affected nodes (for example the BEAM's total and per-process memory) and alert on abnormal spikes that coincide with new SSH connections. Finally, maintain an inventory of Erlang/OTP deployments, including instances embedded inside telecom and messaging products, so that patches and configuration changes reach every one of them.
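The check the Technical Summary describes, and the gateway-level validation the recommendations above suggest, as an added Python example rather than Erlang/OTP's own code: it parses an SSH_MSG_KEXINIT payload and rejects any algorithm name longer than the 64 characters RFC 4251 allows, before the name-lists are handed to anything that allocates per name. The `MAX_NAMELIST_LEN` cap, the helper names and the constructed sample payloads are this example's own assumptions, not values from the advisory or from OTP.

```python
"""
Added example (not Erlang/OTP's own code): parse an SSH_MSG_KEXINIT payload
(RFC 4253 section 7.1) and enforce the RFC 4251 section 6 rule that an
algorithm name must not exceed 64 characters, rejecting the message before
any per-name processing or allocation happens.
"""
import struct

SSH_MSG_KEXINIT = 20
MAX_NAME_LEN = 64         # RFC 4251 s.6: names MUST NOT be longer than 64 characters
MAX_NAMELIST_LEN = 4096   # assumed local cap on one whole name-list (not an RFC value)

# The ten name-lists of a KEXINIT, in wire order (RFC 4253 s.7.1).
KEXINIT_NAMELISTS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


class KexInitError(ValueError):
    """Raised for any structural or limit violation in a KEXINIT payload."""


def _read_namelist(buf: bytes, off: int) -> tuple:
    """Read one SSH 'string' (uint32 length + bytes), bounding its size first."""
    if off + 4 > len(buf):
        raise KexInitError("truncated name-list length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > MAX_NAMELIST_LEN:
        raise KexInitError(f"name-list of {n} bytes exceeds local cap {MAX_NAMELIST_LEN}")
    if off + n > len(buf):
        raise KexInitError("truncated name-list body")
    return buf[off:off + n], off + n


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload into its name-lists, raising KexInitError on any violation."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise KexInitError("not a KEXINIT payload")
    off = 17  # 1-byte message type + 16-byte cookie
    result = {}
    for field in KEXINIT_NAMELISTS:
        raw, off = _read_namelist(payload, off)
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            raise KexInitError(f"{field}: name-list is not US-ASCII") from None
        names = text.split(",") if text else []   # an empty list is legal (e.g. languages)
        for name in names:
            if not name:
                raise KexInitError(f"{field}: empty algorithm name")
            if len(name) > MAX_NAME_LEN:
                raise KexInitError(
                    f"{field}: {len(name)}-character name exceeds RFC 4251 limit of {MAX_NAME_LEN}")
        result[field] = names
    if off + 5 > len(payload):   # boolean first_kex_packet_follows + uint32 reserved
        raise KexInitError("truncated KEXINIT trailer")
    result["first_kex_packet_follows"] = payload[off] != 0
    return result


def reject_reason(payload: bytes):
    """Gateway-style check: None if the KEXINIT is acceptable, otherwise why it was dropped."""
    try:
        parse_kexinit(payload)
        return None
    except KexInitError as e:
        return str(e)


def build_kexinit(namelists: dict, cookie: bytes = b"\x00" * 16) -> bytes:
    """Constructed helper to assemble sample payloads; real cookies are 16 random bytes."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in KEXINIT_NAMELISTS:
        raw = ",".join(namelists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw
    return out + b"\x00" + struct.pack(">I", 0)


# Constructed sample messages: a typical client KEXINIT and two malicious variants.
BENIGN = build_kexinit({
    "kex_algorithms": ["curve25519-sha256", "ecdh-sha2-nistp256"],
    "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-256"],
    "encryption_client_to_server": ["aes256-gcm@openssh.com"],
    "encryption_server_to_client": ["aes256-gcm@openssh.com"],
    "mac_client_to_server": ["hmac-sha2-256"],
    "mac_server_to_client": ["hmac-sha2-256"],
    "compression_client_to_server": ["none"],
    "compression_server_to_client": ["none"],
})
OVERSIZED_NAME = build_kexinit({"kex_algorithms": ["a" * 3000]})        # one 3000-char name
OVERSIZED_LIST = build_kexinit({"kex_algorithms": ["b" * 60] * 100})    # 6099-byte name-list

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("oversized name", OVERSIZED_NAME),
                       ("oversized list", OVERSIZED_LIST)):
        print(f"{label}: {reject_reason(msg) or 'accepted'}")
```

Running the block reports which of the three constructed messages are accepted. The point of the ordering is that both limits are applied to the raw bytes before anything is built from them: the 3000-character name is refused by the per-name check, and the 6 KB name-list is refused by the list cap before it is even decoded. The same function can run on a KEXINIT captured at a gateway, since nothing in that message is encrypted yet.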
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-03-18T18:15:13.850Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69091543c28fd46ded7bb30e
Added to database: 11/3/2025, 8:49:07 PM
Last enriched: 11/3/2025, 9:09:01 PM
Last updated: 12/20/2025, 12:57:50 PM