Description

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).

INFO

Published Date :

2025-05-08T19:26:27.563Z

Last Modified :

2026-01-12T14:40:27.446Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46712 vulnerability.

Vendors Products
Erlang
  • Otp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46712.

URL Resource
https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83 cve-icon cve-icon
https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21 cve-icon cve-icon
https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12 cve-icon cve-icon
https://github.com/erlang/otp/releases/tag/OTP-27.3.4 cve-icon cve-icon
https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact