{"uuid": "2acb806c-404d-4f19-a9c3-894464f81fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-9G37-PGJ9-WRHC", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18442", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4748\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\n\ud83d\udccf Published: 2025-06-16T11:00:54.643Z\n\ud83d\udccf Modified: 2025-06-16T11:00:54.643Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc\n2. https://www.erlang.org/doc/system/versions.html#order-of-versions\n3. https://github.com/erlang/otp/pull/9941", "creation_timestamp": "2025-06-16T11:39:57.000000Z"}