What is CVE-2025-26618?

A high-severity vulnerability in Erlang OTP could lead to memory allocation issues due to improper packet size verification in SFTP. Organizations must patch immediately to mitigate risks.

What is the severity of CVE-2025-26618?

CVE-2025-26618 has a severity rating of HIGH with a CVSS base score of 7.

CVE-2025-26618 | High Vulnerability in Erlang OTP

CVE-2025-26618 is a high-severity vulnerability affecting Erlang, a programming language and runtime system designed for building scalable soft real-time systems. This vulnerability arises from improper verification of packet sizes for SFTP packets. When multiple SSH packets, conforming to the maximum SSH packet size, are received, they may be combined into an SFTP packet that exceeds the maximum allowed size, potentially leading to significant memory allocation issues.

Exploitation of this vulnerability can occur only after successful authentication and completion of the SSH handshake. The potential impact is significant, as it can lead to performance degradation and resource exhaustion in systems utilizing Erlang OTP.

This vulnerability has been assigned a CVSS score of 7.0, categorizing it as high severity. Given the potential for high availability impacts, organizations should prioritize patching the affected systems immediately to mitigate any risks associated with this vulnerability.

The vulnerability was published on February 20, 2025, and has been addressed in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are currently no known workarounds for this issue.

Vulnerability Details

The vulnerability in Erlang OTP is classified under CWE-789, indicating an improper control of the generation of code ('Control of Generation of Code'). The attack vector is categorized as NETWORK, with low privileges required, allowing unauthenticated users to exploit the vulnerability once they have authenticated to the system.

Technical Analysis

The root cause of CVE-2025-26618 is linked to the lack of proper verification of packet sizes for SFTP packets. When multiple SSH packets are received, they can be combined into a single SFTP packet that exceeds the maximum allowed size, leading to excessive memory allocation.

The attack complexity is rated as HIGH, meaning that exploitation requires a certain level of skill and conditions to be successfully manipulated. Privileges required for exploitation are LOW, as the attack can occur after user authentication. No user interaction is necessary for exploitation, making it easier for attackers to take advantage of this vulnerability once the conditions are met.

Risk & Impact Analysis

Risk to organizations includes potential performance degradation and resource exhaustion due to excessive memory allocation. The blast radius can be significant, particularly for systems relying heavily on Erlang OTP for operation, as the vulnerability affects authenticated users post-SSH handshake.

Given the CVSS score of 7.0, organizations should address this vulnerability in their priority patch cycle. The lack of known workarounds further emphasizes the urgency for organizations to implement the necessary updates.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of OTP are 27.2.4, 26.2.5.9, and 25.3.2.18. If version information is not available, it is advised to consider all versions prior to the vendor patch.

Mitigation & Remediation

Organizations should prioritize patching immediately. The following versions contain the necessary fixes: 27.2.4, 26.2.5.9, and 25.3.2.18. If immediate patching is not possible, consider implementing network controls to limit access to the affected services.

For ongoing security, organizations should engage in penetration testing to identify and remediate similar vulnerabilities.

Detection Guidance

Organizations should implement monitoring for abnormal memory usage patterns and analyze logs for successful SSH authentications followed by SFTP requests. Behavioral anomalies may indicate attempts to exploit this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2025-26618 highlights the ongoing challenges in ensuring robust security for network protocols. As vulnerabilities like this continue to emerge, organizations must remain vigilant and proactive in their security measures.

Security teams should consider revisiting their vulnerability management program to ensure that they are prepared to handle similar vulnerabilities.

Additionally, organizations should review their penetration testing methodology to identify potential gaps in their defenses.

Finally, organizations should strive to maintain up-to-date defenses against emerging threats by embracing a comprehensive security testing program that encompasses all aspects of their infrastructure.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-26618: High Vulnerability in Erlang OTP