Platform
other
Component
elixir-system-monitor
Fixed in
1.0.2
CVE-2025-52574 describes a Path Traversal vulnerability within SysmonElixir, a system monitor HTTP service written in Elixir. This flaw allows attackers to read arbitrary files from the server, potentially gaining access to sensitive data. The vulnerability impacts versions of SysmonElixir prior to 1.0.1, and a patch has been released in version 1.0.1.
The primary impact of this vulnerability is the ability for an attacker to read any file accessible to the SysmonElixir process. In versions prior to 1.0.1, the /read endpoint lacked proper access controls, allowing attackers to directly request files like /etc/passwd. Successful exploitation could lead to the exposure of user account information, including usernames and potentially hashed passwords. While the vulnerability itself doesn't provide remote code execution, the information gained could be used in subsequent attacks, such as privilege escalation or lateral movement within the network. The blast radius is limited to the server hosting SysmonElixir and any files it has access to.
This vulnerability was publicly disclosed on 2025-06-24. There is no indication of active exploitation campaigns at this time. No public proof-of-concept (PoC) code has been released, but the simplicity of the vulnerability suggests that PoCs could be developed relatively easily. The vulnerability is not currently listed on the CISA KEV catalog.
Systems running SysmonElixir in production environments, particularly those with exposed HTTP endpoints, are at risk. Shared hosting environments where SysmonElixir is deployed alongside other applications are also vulnerable, as a compromise of SysmonElixir could potentially lead to broader system compromise.
• linux / server: Monitor SysmonElixir logs for unusual file access attempts to /etc/passwd or other sensitive system files. Use journalctl -u sysmon_elixir to review logs.
    journalctl -u sysmon_elixir | grep '/etc/passwd'
• generic web: Use curl to test the /read endpoint with various path traversal payloads (e.g., /read/../etc/passwd).
    curl 'http://<sysmon_elixir_ip>/read/../etc/passwd'
Exploit status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS vector
The definitive mitigation for CVE-2025-52574 is to upgrade SysmonElixir to version 1.0.1 or later. This version introduces a whitelist that restricts file access to the /priv/data directory. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /read endpoint or restrict access based on IP address. Additionally, review the permissions of the SysmonElixir process to ensure it has the minimum necessary access to files. After upgrading, confirm the fix by attempting to access a file outside the /priv/data directory via the /read endpoint; access should be denied.
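An allowlist check of the kind described above, written here as an added Elixir example; it is not SysmonElixir's actual patch. The module name, function names and sample file names are assumptions, and only the /priv/data base directory comes from the advisory.

```elixir
defmodule ReadGuardExample do
  # Base directory named in the advisory; everything else here is assumed.
  @base Path.expand("/priv/data")

  @doc """
  Maps a client-supplied file name to an absolute path under @base,
  or returns {:error, :forbidden}. Assumes the name is already URL-decoded.
  """
  @spec resolve(term()) :: {:ok, String.t()} | {:error, :forbidden}
  def resolve(requested) when is_binary(requested) do
    # Reject NUL bytes and "~" (which Path.expand/2 would turn into a home directory).
    if String.contains?(requested, <<0>>) or String.starts_with?(requested, "~") do
      {:error, :forbidden}
    else
      # Path.expand/2 collapses "." and ".." lexically and ignores @base when
      # `requested` is absolute, so "/etc/passwd" stays "/etc/passwd".
      full = Path.expand(requested, @base)

      # Compare with a trailing "/" so "/priv/data-secret" does not pass as "/priv/data".
      if String.starts_with?(full, @base <> "/") do
        {:ok, full}
      else
        {:error, :forbidden}
      end
    end
  end

  def resolve(_other), do: {:error, :forbidden}

  # Reads a file only after the path check succeeds.
  # The check is lexical: a symlink inside @base can still point outside it.
  def read(requested) do
    with {:ok, path} <- resolve(requested), do: File.read(path)
  end
end

# Constructed sample names: two inside the base directory, three that must be refused.
for name <- ["report.txt", "logs/app.log", "/etc/passwd",
             "../../etc/passwd", "../data-secret/key"] do
  IO.inspect({name, ReadGuardExample.resolve(name)})
end
```

The same function can back the post-upgrade check: any name that resolves outside /priv/data should produce a denial from /read rather than file contents.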
Upgrade SysmonElixir to version 1.0.1 or later. This version fixes the path traversal vulnerability in the /read endpoint. The update will prevent arbitrary file reads on the server.
CVE-2025-52574 is a Path Traversal vulnerability affecting SysmonElixir versions prior to 1.0.1, allowing attackers to read arbitrary files on the server.
You are affected if you are running SysmonElixir version 1.0.1 or earlier. Upgrade to 1.0.1 to resolve the vulnerability.
Upgrade SysmonElixir to version 1.0.1 or later. As a temporary workaround, implement a WAF rule to block malicious requests to the /read endpoint.
There is no confirmed active exploitation of CVE-2025-52574 at this time, but the vulnerability's potential impact warrants immediate attention.
Refer to the SysmonElixir project's official communication channels and repository for the latest advisory regarding CVE-2025-52574.