How severe is CVE-2025-26618?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-26618?

This is classified as CWE-789, which is a common weakness in software security.

CVE-2025-26618 - HIGH Severity | CVSS N/A

Vulnerability Description

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2023-43632

CRITICAL

CVSS:9.9(Critical)

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-...

CWE-7892023

CVE-2020-24685

HIGH

CVSS:8.6(High)

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR ...

CWE-7892020

CVE-2024-20260

HIGH

CVSS:8.6(High)

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat D...

CWE-7892024

CVE-2021-34854

HIGH

CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code...

CWE-7892021

CVE-2021-34868

HIGH

CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o...

CWE-7892021

CVE-2021-34869

HIGH

CVSS:7.8(High)

CWE-7892021