CVE-2025-46712
LOWDescription
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-46712? +
How severe is CVE-2025-46712? +
How do I check if I'm vulnerable to CVE-2025-46712? +
Related Vulnerabilities
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. …
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows …
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this …
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications …
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing …