Vulnerability details: VCID-sw96-fdry-5uh7
Vulnerability ID VCID-sw96-fdry-5uh7
Aliases CVE-2025-30211
Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limits on algorithm names (64 characters) provided in the KEX init message. A big KEX init packet may lead to inefficient processing of the error data. As a result, a large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available: one may set the option `parallel_login` to `false` and/or reduce the `max_sessions` option.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2025-30211
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
ssvc Track https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:10:23Z/ Found at https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
Exploit Prediction Scoring System (EPSS)
Percentile 0.04651
EPSS Score 0.00032
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-03-28T15:34:34.630574+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/30xxx/CVE-2025-30211.json 36.0.0