CVE-2025-52574
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52574 is a path traversal vulnerability in the SysmonElixir system monitor HTTP service, specifically in the /read endpoint. Before version 1.0.1, this endpoint allowed users to specify any file path to read, defaulting to reading sensitive files like /etc/passwd without any validation. This meant attackers could read arbitrary files on the server. The vulnerability was fixed in version 1.0.1 by restricting file reads to only files under the priv/data directory through strict path validation. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a high confidentiality loss because an attacker can read arbitrary files on the server without any privileges or user interaction. Sensitive information such as system files (e.g., /etc/passwd) could be exposed, potentially leading to further attacks or information disclosure. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if your system is running a vulnerable version (β€ v1.0.0) of the elixir-system-monitor package. To test if the /read endpoint is vulnerable, you can send an HTTP request to the /read endpoint with a file parameter pointing to a sensitive file like /etc/passwd and observe if the file contents are returned. For example, using curl: curl http://<target-host>/read?file=/etc/passwd If the contents of /etc/passwd are returned, the system is vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the elixir-system-monitor package to version 1.0.1 or later, where the vulnerability is patched by restricting file reads to only files under the priv/data directory. If upgrading is not immediately possible, restrict access to the /read endpoint via network controls or firewall rules to prevent unauthorized access. [2, 1]