CVE-2025-48041 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-400 (Uncontrolled Resource Consumption) affecting the Erlang Open Telecom Platform (OTP), specifically the ssh_sftp modules within the ssh_sftpd.erl file. This flaw exists in OTP versions from 17.0 through 28.0.3 and corresponding ssh package versions from 3.0.1 through 5.3.3. The vulnerability allows an unauthenticated remote attacker to trigger excessive allocation of system resources by exploiting the lack of throttling or limits in the resource allocation logic of the ssh_sftp server implementation. Because the vulnerability does not require authentication or user interaction, it can be exploited remotely over the network, making it highly accessible. The excessive resource consumption can lead to denial of service (DoS) conditions, impacting the availability of services relying on Erlang OTP's SSH/SFTP capabilities. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/PR:L/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on availability. No patches or exploit code are currently publicly available, but the vulnerability's presence in widely used OTP versions necessitates urgent attention. Erlang OTP is commonly used in telecommunications, distributed systems, and cloud platforms, making this vulnerability relevant to critical infrastructure and enterprise environments.

The primary impact of CVE-2025-48041 is the potential for denial of service due to resource exhaustion on systems running vulnerable Erlang OTP versions. Organizations relying on Erlang OTP for SSH or SFTP services may experience service outages or degraded performance, affecting business continuity and operational reliability. This can disrupt telecommunications infrastructure, cloud services, and enterprise applications that depend on Erlang's robust concurrency and distributed computing features. The vulnerability's ease of exploitation without authentication increases the risk of widespread attacks, potentially enabling attackers to target multiple systems simultaneously. Additionally, prolonged resource exhaustion could lead to cascading failures in dependent services or infrastructure. While no data confidentiality or integrity impacts are indicated, availability degradation alone can have severe operational and financial consequences, especially for service providers and critical infrastructure operators.

To mitigate CVE-2025-48041, organizations should first identify all systems running vulnerable Erlang OTP versions, particularly those using the ssh_sftp modules. Immediate steps include applying any vendor-released patches or updates once available. In the absence of patches, implement network-level protections such as rate limiting and connection throttling on SSH/SFTP services to prevent excessive resource consumption from a single source. Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics to detect abnormal SSH/SFTP traffic patterns indicative of flooding attempts. Consider isolating vulnerable services behind firewalls or VPNs to restrict access to trusted users and networks. Monitoring resource utilization metrics closely can help detect early signs of exploitation. Additionally, review and harden Erlang OTP configurations to enforce stricter resource limits if configurable. Engage with Erlang OTP maintainers or community for guidance and updates. Finally, incorporate this vulnerability into incident response plans to ensure rapid reaction if exploitation attempts are detected.