Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-25475 is a Local File Inclusion (LFI) vulnerability in the OpenClaw AI assistant's isValidMedia() function. This function is supposed to validate media file paths but incorrectly allows arbitrary file paths, including absolute paths, home directory paths, and directory traversal sequences."}, {'type': 'paragraph', 'content': 'Because of this flaw, an attacker can trick the system into reading and exposing any file accessible to the agent user by using specially crafted input like MEDIA:/etc/passwd or MEDIA:~/.ssh/id_rsa. This can lead to sensitive data such as SSH keys, cloud credentials, and critical system files being exposed.'}, {'type': 'paragraph', 'content': 'The vulnerability affects all OpenClaw versions up to 2026.1.29 and was fixed in version 2026.1.30.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with low privileges to read any file on the system that the OpenClaw agent user can access, without requiring user interaction.

The attacker can exfiltrate sensitive information such as private SSH keys, cloud service credentials, API keys, and critical system files, potentially leading to unauthorized access to other systems or services.

The confidentiality of your system is at high risk, although the vulnerability does not affect system integrity or availability.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the isValidMedia() function improperly allowing arbitrary file paths, which can be exploited by outputting strings like MEDIA:/etc/passwd or MEDIA:~/.ssh/id_rsa to read sensitive files.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your system or network, you can monitor logs or outputs for suspicious MEDIA: path patterns that include absolute paths (/), home directory paths (~), or directory traversal sequences (../).'}, {'type': 'paragraph', 'content': 'Suggested commands include searching application logs or output streams for these patterns. For example, using grep on log files or process outputs:'}, {'type': 'list_item', 'content': "grep -rE 'MEDIA:(/|~|\\.\\./)' /path/to/openclaw/logs"}, {'type': 'list_item', 'content': "grep -r 'MEDIA:' /path/to/openclaw/logs | grep -E '(/|~|\\.\\./)'"}, {'type': 'paragraph', 'content': 'Additionally, monitoring network traffic for data exfiltration patterns containing MEDIA: paths could help detect exploitation attempts.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.1.30 or later, where the vulnerability in isValidMedia() has been patched.

If upgrading immediately is not possible, restrict access to the vulnerable OpenClaw agent to trusted users only, and monitor for suspicious MEDIA: path usage as a temporary measure.

Consider applying any available patches or pull requests (such as pull request #4930) that fix the validation logic if you maintain your own build.

Also, review and limit file system permissions for the OpenClaw agent user to minimize the impact of potential exploitation.

Useful 0 Not Useful 0