There’s a new Erlang OTP vulnerability, CVE-2025-4748. It’s an Absolute Path Traversal vulnerability involving a Zip archive, which I have a lot of practice with. It affects Erlang OTP, which a coworker has already written about recently, noting the necessary steps to set up an environment. This is a “local” vulnerability (unless you’re unpacking a Zip archive as part of a network call), but it is still fun to play with. Here’s how to reproduce:

Setup

Similarly to the prior work of...