Exploiting Erlang OTP with Zip files: CVE-2025-4748
ID: 211781ca-a47d-58de-bffc-c72d5d470e2c
STIX ID: report--211781ca-a47d-58de-bffc-c72d5d470e2c
Feed Name: GreyNoise Labs
This report details CVE-2025-4748, an absolute path traversal vulnerability in the Erlang OTP zip module, and provides step-by-step reproduction and a proof-of-concept that creates a ZIP with an absolute path to overwrite /home/remy/.bashrc, demonstrating potential code execution on user login. The exploit is local by default but can lead to remote impact if archives are unpacked from untrusted network sources.
