CVE-2025-52574

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-52574

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-52574.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-52574

Aliases

GHSA-9vj4-rv7q-36qj

Published

2025-06-24T03:15:34Z

Modified

2025-07-01T16:33:35.831101Z

Summary

[none]

Details

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1.

References

Affected packages

Git / github.com/bocaletto-luca/elixir-system-monitor

Affected ranges

Type: GIT
Repo: https://github.com/bocaletto-luca/elixir-system-monitor
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

647a5525f6667a28f1133985213dd080ea11bb87

Affected versions

v1.*

v1.0.0

v1.0.1