How severe is CVE-2025-46712?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-46712?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2025-46712 - LOW Severity | CVSS 3.7

Vulnerability Description

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).

Related Vulnerabilities

CVE-2025-32728

LOW

CVSS:3.8(Low)

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CWE-4402025

CVE-2024-38806

LOW

CVSS:3.9(Low)

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users reta...

CWE-4402024

CVE-2024-56202

MEDIUM

CVSS:4.3(Medium)

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to ...

CWE-4402024

CVE-2024-8690

MEDIUM

CVSS:4.4(Medium)

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverage...

CWE-4402024

CVE-2023-26819

LOW

CVSS:2.9(Low)

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.

CWE-4402023

CVE-2025-27401

MEDIUM

CVSS:4.6(Medium)

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. How...

CWE-4402025