CVE-2025-46712
Published 2025-05-08
Priority: P415 · Severity: low · CVSS 3.1 base score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.44% (35.3rd percentile)
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | erlang | < erlang 1:25.2.3+dfsg-1+deb12u2 (bookworm) | erlang 1:25.2.3+dfsg-1+deb12u2 (bookworm) |
| erlang | otp | < OTP 25.3.2.21 | OTP 25.3.2.21 |
| erlang | otp | — | — |
| erlang | otp | — | — |
| msrc | azl3_erlang_26.2.5.11-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_erlang_26.2.5.12-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_erlang_25.3.2.20-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm2_erlang_25.3.2.21-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
| osv | — | 3.7 | LOW | — |
| vendor_debian | — | 3.7 | LOW | — |
| vendor_msrc | — | 3.7 | LOW | — |
| vendor_ubuntu | — | 3.7 | LOW | — |
Ubuntu
Erlang vulnerabilities
Source: vendor_ubuntu · 2025-07-21 · CVSS 3.7 (LOW)
Summary: Several security issues were fixed in Erlang.
It was discovered that Erlang OTP’s SSH module incorrectly enforced strict KEX handshake hardening measures. A remote attacker able to intercept communications could possibly use this issue to insert optional messages into connections during the handshake. (CVE-2025-46712)

It was discovered that Erlang OTP incorrectly handled ZIP archives. If a user or automated system were tricked into opening a specially crafted ZIP archive, a remote attacker could possibly use this issue to overwrite arbitrary files outside of the intended directory. (CVE-2025-4748)

Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Microsoft
Erlang/OTP SSH Has Strict KEX Violations
Source: vendor_msrc · 2025-05-13 · CVSS 3.7 (LOW) · CWE-440
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsof
Debian
CVE-2025-46712: erlang - Erlang/OTP is a set of libraries for the Erlang programming language. In version...
Source: vendor_debian · 2025 · CVSS 3.7 (LOW)
(Same description text as the summary at the top of this page.)
Scope: local
bookworm: resolved (fixed in 1:25.2.3+dfsg-1+deb12u2)
bullseye: open
forky: resolved (fixed in 1:27.3.4+dfsg-1)
sid: resolved (fixed in 1:27.3.4+dfsg-1)
trixie: resolved (fixed in 1:27.3.4+dfsg-1)
OSV
erlang vulnerabilities
Source: osv · 2025-07-21 · CVSS 3.7 (LOW)
(Same advisory text as the Ubuntu entry above.)
OSV
CVE-2025-46712: Erlang/OTP is a set of libraries for the Erlang programming language
Source: osv · 2025-05-08 · CVSS 3.7 (LOW)
(Same description text as the summary at the top of this page.)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:

- https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83
- https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21
- https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12
- https://github.com/erlang/otp/releases/tag/OTP-27.3.4
- https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf