{"id":"CVE-2025-4748","details":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.","aliases":["EEF-CVE-2025-4748","GHSA-9g37-pgj9-wrhc"],"modified":"2026-04-10T05:28:46.758514Z","published":"2025-06-16T11:15:18.730Z","related":["SUSE-SU-2025:02331-1","SUSE-SU-2025:02332-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/06/16/5"},{"type":"WEB","url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"},{"type":"ADVISORY","url":"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"},{"type":"FIX","url":"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"},{"type":"FIX","url":"https://github.com/erlang/otp/pull/9941"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"0"},{"fixed":"578d4001575aa7647ea1efd4b2b7e3afadcc99a5"}]},{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"0"},{"fixed":"5a55feec10c9b69189d56723d8f237afa58d5d4f"}]},{"type":"GIT","repo":"https://github.com/erlang/otp","events":[{"introduced":"0"},{"fixed":"ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"}]}],"versions":["OTP-17.0","OTP-18.0","OTP-18.0-rc1","OTP-19.0","OTP-19.0-rc1","OTP-19.0-rc2","OTP-20.0","OTP-20.0-rc1","OTP-20.0-rc2","OTP-21.0","OTP-21.0-rc1","OTP-21.0-rc2","OTP-22.0","OTP-22.0-rc1","OTP-22.0-rc2","OTP-22.0-rc3","OTP-23.0","OTP-23.0-rc1","OTP-23.0-rc2","OTP-23.0-rc3","OTP-24.0","OTP-24.0-rc1","OTP-24.0-rc2","OTP-24.0-rc3","OTP-25.0","OTP-25.0-rc1","OTP-25.0-rc2","OTP-25.0-rc3","OTP-26.0","OTP-26.0-rc1","OTP-26.0-rc2","OTP-26.0-rc3","OTP-26.1","OTP-26.2","OTP-26.2.3","OTP-26.2.4","OTP-26.2.5","OTP-26.2.5.1","OTP-26.2.5.10","OTP-26.2.5.11","OTP-26.2.5.12","OTP-26.2.5.2","OTP-26.2.5.3","OTP-26.2.5.4","OTP-26.2.5.5","OTP-26.2.5.6","OTP-26.2.5.7","OTP-26.2.5.8","OTP-26.2.5.9","OTP-27.0","OTP-27.0-rc1","OTP-27.0-rc2","OTP-27.0-rc3","OTP-27.1","OTP-27.2","OTP-27.3","OTP-27.3.1","OTP-27.3.2","OTP-27.3.3","OTP-27.3.4","OTP-28.0","OTP-28.0-rc1","OTP-28.0-rc2","OTP-28.0-rc3","OTP-28.0-rc4","OTP_17.0-rc1","OTP_17.0-rc2","OTP_R13B03","OTP_R13B04","OTP_R14A","OTP_R14B","OTP_R14B01","OTP_R14B02","OTP_R14B03","OTP_R15A","OTP_R15B","OTP_R16A_RELEASE_CANDIDATE","OTP_R16B","patch-base-26","patch-base-27"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4748.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}