{"uuid": "4664cb29-9c6b-47dc-98f1-90d42d2ded84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46712", "type": "seen", "source": "https://t.me/cvedetector/24867", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46712 - Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46712 \nPublished : May 8, 2025, 8:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25). \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T00:19:03.000000Z"}