Skip to main content

CVE-2025-52574: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bocaletto-luca elixir-system-monitor

High
VulnerabilityCVE-2025-52574cvecve-2025-52574cwe-22
Published: Tue Jun 24 2025 (06/24/2025, 02:52:11 UTC)
Source: CVE Database V5
Vendor/Project: bocaletto-luca
Product: elixir-system-monitor

Description

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1.

AI-Powered Analysis

AILast updated: 06/24/2025, 03:24:50 UTC

Technical Analysis

CVE-2025-52574 is a high-severity path traversal vulnerability (CWE-22) affecting versions of the elixir-system-monitor HTTP service prior to 1.0.1. This service, developed in Elixir by the vendor bocaletto-luca, exposes a /read endpoint that allows reading files from the server's filesystem. Before version 1.0.1, the endpoint defaulted to reading the sensitive file /etc/passwd without any restriction, enabling an attacker to retrieve critical system information. The vulnerability arises because the service improperly limits pathname access, allowing an attacker to specify arbitrary file paths and read files outside intended directories. In version 1.0.1, a whitelist mechanism was introduced to restrict file reads exclusively to files under the priv/data directory, effectively mitigating the issue. The vulnerability has a CVSS v3.1 base score of 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). There are no known exploits in the wild as of the publication date (June 24, 2025). The core risk is unauthorized disclosure of sensitive system files, which can facilitate further attacks such as privilege escalation or lateral movement within a network. The vulnerability is exploitable remotely without authentication or user interaction, increasing its risk profile. The patch is available in version 1.0.1, which enforces strict directory whitelisting to prevent arbitrary file reads.

Potential Impact

For European organizations deploying elixir-system-monitor versions prior to 1.0.1, this vulnerability poses a significant confidentiality risk. Unauthorized access to files like /etc/passwd can expose user account information, potentially aiding attackers in crafting targeted attacks or escalating privileges. This is particularly critical for organizations managing sensitive infrastructure, including government agencies, financial institutions, and critical infrastructure operators. The ability to remotely exploit this vulnerability without authentication or user interaction increases the attack surface, especially for publicly accessible monitoring services. While the vulnerability does not directly affect system integrity or availability, the information disclosure can be a stepping stone for more severe attacks, including lateral movement and data breaches. European organizations with strict data protection regulations (e.g., GDPR) must consider the reputational and compliance implications of such exposures. Additionally, the presence of this vulnerability in monitoring tools could undermine trust in system telemetry and incident response capabilities.

Mitigation Recommendations

1. Immediate upgrade to elixir-system-monitor version 1.0.1 or later, which includes the whitelist patch restricting file reads to the priv/data directory. 2. If immediate upgrade is not feasible, restrict network access to the /read endpoint using firewall rules or network segmentation to limit exposure to trusted internal networks only. 3. Implement Web Application Firewall (WAF) rules to detect and block path traversal patterns in HTTP requests targeting the /read endpoint. 4. Conduct thorough audits of deployed versions of elixir-system-monitor across the environment to identify and remediate vulnerable instances. 5. Monitor logs for unusual access patterns or attempts to read sensitive files via the /read endpoint. 6. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect exploitation attempts in real time. 7. Review and harden file system permissions to minimize the impact of unauthorized file reads, ensuring sensitive files are not world-readable where possible. 8. Educate development and operations teams on secure coding and deployment practices to prevent similar path traversal vulnerabilities in custom or third-party software.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-06-18T03:55:52.036Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685a16f4dec26fc862d8ed63

Added to database: 6/24/2025, 3:09:40 AM

Last enriched: 6/24/2025, 3:24:50 AM

Last updated: 8/15/2025, 6:28:34 PM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats