3.7

CVE-2025-46712

EPSS 0.03%
Veröffentlicht 08.05.2025 19:26:27
Zuletzt bearbeitet 12.05.2025 17:32:52
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellererlang

≫

Produkt otp

Version >= OTP 27.0, < OTP 27.3.4

Status affected

Version >= OTP 26.2.1, < OTP 26.2.5.12

Status affected

Version < OTP 25.3.2.21

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf

https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21

https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12

https://github.com/erlang/otp/releases/tag/OTP-27.3.4

https://nvd.nist.gov/vuln/detail/CVE-2025-46712

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46712

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46712

EUVD