CVE-2025-50819
📋 TL;DR
A directory traversal vulnerability in beiyuouo arxiv-daily allows attackers to read arbitrary files on the server by manipulating the topic.yml file during daily arXiv paper generation. This affects users running arxiv-daily versions through commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 (2025-05-06). The vulnerability is present in the generation logic of daily_arxiv.py.
💻 Affected Systems
- beiyuouo arxiv-daily
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like SSH keys, configuration files, or database credentials, potentially leading to lateral movement and data exfiltration.
Likely Case
Unauthorized reading of sensitive configuration files, source code, or user data stored on the server where arxiv-daily is running.
If Mitigated
Limited file access restricted by proper file permissions and sandboxing, with only non-sensitive files accessible.
🎯 Exploit Status
Exploitation requires ability to modify or control the topic.yml file used by the arxiv-daily generation process. The advisory includes technical details that make exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit after fad168770b0e68aef3e5acfa16bb2e7a7765d687
Vendor Advisory: https://github.com/amooryx/arxiv-daily/security/advisories/GHSA-xqg6-5wfv-4855
Restart Required: Yes
Instructions:
1. Update to the latest version of arxiv-daily from GitHub.
2. Replace the vulnerable daily_arxiv.py file with the patched version.
3. Restart any running arxiv-daily processes or services.
🔧 Temporary Workarounds
Restrict topic.yml file permissions
linux: Set strict file permissions on topic.yml files to prevent unauthorized modifications
chmod 600 topic.yml
chown root:root topic.yml
Disable automatic generation
all: Temporarily disable the daily arXiv paper generation feature that processes topic.yml files
Comment out or remove the daily generation cron job or scheduled task
🧯 If You Can't Patch
- Implement strict file system permissions to limit what directories arxiv-daily can access
- Run arxiv-daily in a container or sandbox with restricted file system access
🔍 How to Verify
Check if Vulnerable:
Check if your arxiv-daily installation uses commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 or earlier by examining the git history or version metadata.
Check Version:
git log --oneline -1
Verify Fix Applied:
Verify the daily_arxiv.py file has been updated to include proper path validation and no longer contains the vulnerable directory traversal logic.
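One form that "proper path validation" for values read from topic.yml can take, as an added example that is not the project's patch or code from the advisory. It assumes topic.yml values end up in file paths; `safe_join`, `audit_topic_values`, the sample structure and the `/srv/arxiv-daily` base directory are all hypothetical.

```python
from pathlib import Path

class TraversalError(ValueError):
    """Raised when an untrusted value resolves outside the allowed directory."""

def safe_join(base_dir, untrusted):
    """Join an untrusted path fragment to base_dir; refuse anything that escapes it."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute fragment replaces base.
    candidate = (base / str(untrusted)).resolve()
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{untrusted!r} escapes {base}")
    return candidate

def audit_topic_values(config, base_dir):
    """Walk a loaded topic.yml structure; return keys whose string value escapes base_dir."""
    bad = []
    stack = [("", config)]
    while stack:
        key, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{key}.{k}".lstrip("."), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((f"{key}[{i}]", v) for i, v in enumerate(node))
        elif isinstance(node, str):
            try:
                safe_join(base_dir, node)
            except TraversalError:
                bad.append(key)
    return sorted(bad)

# Constructed sample shaped like the result of yaml.safe_load();
# this is not the project's real topic.yml schema.
SAMPLE = {
    "topics": [
        {"name": "cs.CR", "output": "database/cs.CR.md"},
        {"name": "../../etc/passwd", "output": "/etc/shadow"},
    ]
}

if __name__ == "__main__":
    for key in audit_topic_values(SAMPLE, "/srv/arxiv-daily"):
        print("escapes base directory:", key)
```

The containment test compares resolved paths rather than searching for `..` in the string, so absolute paths and symlinked components are rejected as well.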
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in arxiv-daily logs
- Error messages related to file path validation failures
- Access to files outside expected directories
Network Indicators:
- Unusual outbound connections from arxiv-daily process
- Data exfiltration patterns
SIEM Query:
Process:arxiv-daily AND (FileAccess:*../* OR FileAccess:*..\*)