Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.
This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
Metrics
Affected Vendors & Products
References
History
Fri, 04 Jul 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 16 Jun 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 16 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Jun 2025 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4. | |
Title | Absolute path traversal in zip:unzip/1,2 | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: EEF
Published: 2025-06-16T11:00:54.643Z
Updated: 2025-07-04T09:07:32.019Z
Reserved: 2025-05-15T08:36:54.783Z
Link: CVE-2025-4748

Updated: 2025-06-16T20:03:21.484Z

Status : Awaiting Analysis
Published: 2025-06-16T11:15:18.730
Modified: 2025-07-04T10:15:23.127
Link: CVE-2025-4748

No data.