Platform
other
Component
elixir-system-monitor
Fixed in
1.0.2
CVE-2025-52574 describes a Path Traversal vulnerability within SysmonElixir, a system monitor HTTP service written in Elixir. This flaw allows unauthorized access to files on the server, potentially leading to sensitive data exposure. Versions of SysmonElixir prior to 1.0.1 are affected, and a patch has been released in version 1.0.1.
The vulnerability lies in the /read endpoint, which, before version 1.0.1, lacked proper access controls. An attacker can craft a malicious request to read any file accessible to the SysmonElixir process. This includes critical system files like /etc/passwd, which contains user account information, including usernames and potentially hashed passwords. Successful exploitation could lead to unauthorized access to the system, privilege escalation, and further compromise. The blast radius extends to any system running a vulnerable version of SysmonElixir.
This vulnerability was publicly disclosed on 2025-06-24. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on CISA KEV. The EPSS score is pending evaluation, but the ability to read /etc/passwd suggests a potentially high exploitation probability if a PoC is developed.
Exploit Status
EPSS
0.13% (32% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade SysmonElixir to version 1.0.1 or later, which includes a whitelist restricting file access to the priv/data directory. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /read endpoint with potentially malicious path parameters. Carefully review and restrict file permissions for the SysmonElixir process to minimize the potential impact of a successful attack. After upgrade, confirm the fix by attempting to access a file outside the priv/data directory via the /read endpoint; access should be denied.
Actualice SysmonElixir a la versión 1.0.1 o superior. Esta versión corrige la vulnerabilidad de path traversal en el endpoint /read. La actualización impedirá la lectura arbitraria de archivos en el servidor.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-52574 is a Path Traversal vulnerability affecting SysmonElixir versions prior to 1.0.1, allowing attackers to read arbitrary files on the server.
You are affected if you are running SysmonElixir version 1.0.1 or earlier. Upgrade to 1.0.1 to resolve the vulnerability.
Upgrade SysmonElixir to version 1.0.1 or later. As a temporary workaround, implement a WAF rule to block malicious requests to the /read endpoint.
There is no confirmed active exploitation of CVE-2025-52574 at this time, but the vulnerability's potential impact warrants immediate attention.
Refer to the SysmonElixir project's official communication channels and repository for the latest advisory regarding CVE-2025-52574.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.