CVE-2025-4748 is a CWE-22 path traversal vulnerability found in the Erlang Open Telecom Platform (OTP) standard library, specifically within the zip module (lib/stdlib/src/zip.erl). The vulnerability exists in the zip:unzip/1, zip:unzip/2, zip:extract/1, and zip:extract/2 functions when extracting zip archives, except when the memory option is used. The flaw allows an attacker to specify absolute paths in zip entries, bypassing directory restrictions and enabling files to be written outside the intended extraction directory. This improper limitation of pathname can lead to unauthorized file creation or overwriting, potentially compromising system integrity or enabling further attacks. The affected OTP versions range from 17.0 up to 28.0.1, including specific stdlib versions from 2.0 to 7.0.1 and intermediate patches. Exploitation requires local access and user interaction but no privileges or authentication. The vulnerability has a CVSS 4.8 (medium) score, reflecting moderate impact and exploitation complexity. No public exploits have been reported yet, but the issue poses a risk to any system extracting untrusted zip files using vulnerable OTP versions.

The primary impact of this vulnerability is unauthorized file manipulation through path traversal during zip extraction, which can lead to overwriting critical system or application files, insertion of malicious payloads, or disruption of service. This compromises system integrity and may facilitate privilege escalation or persistent malware installation if exploited in a multi-stage attack. Availability could be affected if critical files are overwritten or deleted. Confidentiality impact is limited but possible if sensitive files are overwritten or replaced with malicious versions. Since exploitation requires local access and user interaction, remote exploitation risk is low unless combined with other vulnerabilities or social engineering. Organizations relying on Erlang OTP for telecommunications, messaging platforms, or distributed systems could face operational disruptions or security breaches if this vulnerability is exploited.

To mitigate this vulnerability, organizations should: 1) Upgrade Erlang OTP to a version beyond 28.0.1 or apply vendor patches once available. 2) Avoid extracting untrusted zip files using vulnerable OTP versions, especially without the memory option enabled. 3) Use the memory option in zip:unzip and zip:extract functions to prevent filesystem writes during extraction. 4) Implement strict input validation and sanitization on zip file contents before extraction. 5) Employ least privilege principles to limit user permissions on systems running Erlang OTP, reducing the impact of potential exploitation. 6) Monitor file system changes and audit logs for unusual file creation or modification patterns indicative of exploitation attempts. 7) Educate users about the risks of opening untrusted archives and enforce policies restricting such actions. These steps go beyond generic patching by emphasizing configuration options and operational controls to reduce attack surface.