It was discovered that Erlang OTP’s SSH module incorrectly enforced strict KEX handshake hardening measures. A remote attacker able to intercept communications could possibly use this issue to insert optional messages into connections during the handshake. (CVE-2025-46712)

It was discovered that Erlang OTP incorrectly handled ZIP archives. If a user or automated system were tricked into opening a specially crafted ZIP archive, a remote attacker could possibly use this issue to overwrite arbitrary files outside of the intended directory. (CVE-2025-4748)

