CVE-2025-56499

MEDIUM

mihomo 1.19.11 - Authenticated Arbitrary File Read via External Control Key

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56499. PoC published by Cherrling.

AI-analyzed exploit summary: This PoC demonstrates an arbitrary file read vulnerability in mihomo <= v1.19.11 due to missing path validation in the 'file' type rule-providers configuration. An authenticated attacker can exploit this to read sensitive files, with fragments exposed via the /logs API.

Description

Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges by obtaining the external control key from the config file.

Exploits (1)

nomisec WORKING POC
by Cherrling · poc
https://github.com/Cherrling/CVE-2025-56499


Classification
Working PoC: 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: mihomo <= v1.19.11
Auth required
Prerequisites: Authenticated access to the mihomo API · Ability to modify configurations via /configs endpoint
Analyzed by devstral-2 on Feb 16, 2026

References (2)


Scores

CVSS v3: 6.5
EPSS: 0.0027
EPSS Percentile: 17.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-284
Status: published
Products (1)
metacubex/mihomo 1.9.11
Published: Nov 18, 2025
Tracked Since: Feb 18, 2026