CVE-2025-52574 is a high-severity path traversal vulnerability (CWE-22) affecting versions of the elixir-system-monitor HTTP service prior to 1.0.1. This service, developed in Elixir by the vendor bocaletto-luca, exposes a /read endpoint that allows reading files from the server's filesystem. Before version 1.0.1, the endpoint defaulted to reading the sensitive file /etc/passwd without any restriction, enabling an attacker to retrieve critical system information. The vulnerability arises because the service improperly limits pathname access, allowing an attacker to specify arbitrary file paths and read files outside intended directories. In version 1.0.1, a whitelist mechanism was introduced to restrict file reads exclusively to files under the priv/data directory, effectively mitigating the issue. The vulnerability has a CVSS v3.1 base score of 7.5, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). There are no known exploits in the wild as of the publication date (June 24, 2025). The core risk is unauthorized disclosure of sensitive system files, which can facilitate further attacks such as privilege escalation or lateral movement within a network. The vulnerability is exploitable remotely without authentication or user interaction, increasing its risk profile. The patch is available in version 1.0.1, which enforces strict directory whitelisting to prevent arbitrary file reads.

For European organizations deploying elixir-system-monitor versions prior to 1.0.1, this vulnerability poses a significant confidentiality risk. Unauthorized access to files like /etc/passwd can expose user account information, potentially aiding attackers in crafting targeted attacks or escalating privileges. This is particularly critical for organizations managing sensitive infrastructure, including government agencies, financial institutions, and critical infrastructure operators. The ability to remotely exploit this vulnerability without authentication or user interaction increases the attack surface, especially for publicly accessible monitoring services. While the vulnerability does not directly affect system integrity or availability, the information disclosure can be a stepping stone for more severe attacks, including lateral movement and data breaches. European organizations with strict data protection regulations (e.g., GDPR) must consider the reputational and compliance implications of such exposures. Additionally, the presence of this vulnerability in monitoring tools could undermine trust in system telemetry and incident response capabilities.

1. Immediate upgrade to elixir-system-monitor version 1.0.1 or later, which includes the whitelist patch restricting file reads to the priv/data directory. 2. If immediate upgrade is not feasible, restrict network access to the /read endpoint using firewall rules or network segmentation to limit exposure to trusted internal networks only. 3. Implement Web Application Firewall (WAF) rules to detect and block path traversal patterns in HTTP requests targeting the /read endpoint. 4. Conduct thorough audits of deployed versions of elixir-system-monitor across the environment to identify and remediate vulnerable instances. 5. Monitor logs for unusual access patterns or attempts to read sensitive files via the /read endpoint. 6. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect exploitation attempts in real time. 7. Review and harden file system permissions to minimize the impact of unauthorized file reads, ensuring sensitive files are not world-readable where possible. 8. Educate development and operations teams on secure coding and deployment practices to prevent similar path traversal vulnerabilities in custom or third-party software.