High severity7.5OSV Advisory· Published Jun 24, 2025· Updated Apr 15, 2026

CVE-2025-52574

Description

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1.

Affected products

Bocaletto Luca/Elixir System MonitorOSV
Range: v1.0.0

Patches

d018c0100aa6

https://github.com/bocaletto-luca/elixir-system-monitorvia osv

647a5525f666

https://github.com/bocaletto-luca/elixir-system-monitorvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/bocaletto-luca/elixir-system-monitor/commit/647a5525f6667a28f1133985213dd080ea11bb87nvd
github.com/bocaletto-luca/elixir-system-monitor/security/advisories/GHSA-9vj4-rv7q-36qjnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000