CVE-2025-56499

6.5 MEDIUM

📋 TL;DR

In mihomo v1.19.11, a low-privileged authenticated user who can read the mihomo configuration file can extract the external-controller secret from it. That secret authenticates to the external controller API, which runs with the privileges of the mihomo process (commonly root), and through it the attacker can read arbitrary files the process can access. This affects every system running the vulnerable version where low-privileged users can read the configuration file.

💻 Affected Systems

Products:
  • mihomo
Versions: v1.19.11 (the only version named in the CVE record)
Operating Systems: All platforms running mihomo
Default Config Vulnerable: ⚠️ Yes, when external-controller is enabled; exposure depends on the configuration file being readable by other local users
Notes: Requires a local account (or equivalent authenticated access) on the host running mihomo and read access to its configuration file.

📦 What is this software?

mihomo is an open-source, Go-based proxy core maintained by MetaCubeX (the continuation of Clash.Meta). It is managed at runtime through a RESTful external controller API, and the secret that protects that API is set in the same YAML configuration file as the rest of the proxy settings.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker reads files with the privileges of the mihomo process, often root: private keys, password hashes, other services' credentials. Those can be reused to escalate to full host compromise.

🟠

Likely Case

Disclosure of files the mihomo process can read but the attacker normally cannot: mihomo's own configuration, other applications' configuration and data, and any credentials stored in such files.

🟢

If Mitigated

If the configuration file is readable only by the service account, the attacker cannot obtain the secret. If mihomo additionally runs as an unprivileged account, even a leaked secret only grants reads of files that account can already access, which still counts as information disclosure.

🌐 Internet-Facing: MEDIUM - Exploitation needs the secret from a local configuration file, so network exposure alone is not enough; the risk rises if the external controller is reachable from the network and the secret leaks.
🏢 Internal Only: HIGH - Any local account that can read the configuration file can use the secret to read files as the mihomo process and potentially escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated local account and knowledge of the configuration file location. The GitHub reference cited in the CVE record provides the technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No fixed version is identified in this record; check mihomo releases newer than v1.19.11

Vendor Advisory: https://github.com/MetaCubeX/mihomo

Restart Required: Yes

Instructions:

1. Check the mihomo GitHub repository for the latest release.
2. Update to the patched version.
3. Restart the mihomo service.
4. Verify that the configuration file is readable only by the account mihomo runs as.

🔧 Temporary Workarounds

Restrict configuration file permissions

linux

Restrict read access to the mihomo configuration file to the account that runs mihomo, since the file holds the external-controller secret. Use root:root only if mihomo actually runs as root; if it runs as a dedicated service account, make that account the owner instead.

chmod 600 /path/to/mihomo/config
chown root:root /path/to/mihomo/config   # or <service-user>:<service-group> if mihomo does not run as root

Implement strict access controls

all

Limit which accounts can log in to hosts running mihomo, give them the least privilege they need, and run mihomo itself as a dedicated unprivileged account so the external controller has no more file access than that account.

🧯 If You Can't Patch

  • Enforce strict file system permissions on the configuration file (it holds the external-controller secret) and on sensitive directories the mihomo process can reach
  • Run mihomo as a dedicated unprivileged account rather than root, so a leaked secret grants no more than that account's file access
  • Monitor reads of the mihomo configuration file by accounts other than the service account, and audit local user activity on the host

🔍 How to Verify

Check if Vulnerable:

Check the installed version with mihomo -v (the binary prints its version with the -v flag) or via your package manager. If the version is v1.19.11, the system is vulnerable.

Check Version:

mihomo -v

Verify Fix Applied:

Update to a release newer than v1.19.11 and confirm with mihomo -v. Then, from a low-privileged account, confirm that the configuration file (and the secret in it) is no longer readable, and that the external controller cannot be used to read files beyond what the service account may access.

📡 Detection & Monitoring

Log Indicators:

  • Reads of the mihomo configuration file by accounts other than the service account (an auditd watch on the file surfaces these)
  • Requests to the external controller port from local accounts or processes that do not normally use it
  • Authentication logs showing unexpected local logins or sudo use on the mihomo host

Network Indicators:

  • Unusual outbound connections from mihomo host
  • Suspicious authentication patterns to mihomo services

SIEM Query:

process_name:"mihomo" AND (file_read:"config" OR user_privilege_escalation)

This is a generic pseudo-query; map the field names to your own log schema, and note that the more reliable signal is a read of the configuration file by a process that is not mihomo itself.
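The configuration-file read indicator above, as an added example run over Linux audit records (not code from the mihomo project or the original advisory). It assumes an auditd watch has been installed with the key `mihomo_conf` and that mihomo runs as uid 995; the audit lines are constructed samples in the raw `ausearch` record format, trimmed to the fields the filter uses:

```shell
#!/bin/sh
# Added example, not from the mihomo project or the original advisory:
# report reads of the watched mihomo config file by any uid other than the
# service account, from raw Linux audit SYSCALL records.
#
# Assumed auditd watch (not on the page), e.g. in /etc/audit/rules.d/mihomo.rules:
#   -w /etc/mihomo/config.yaml -p r -k mihomo_conf
# Assumed service account uid: 995.

# Constructed sample records in the shape `ausearch -k mihomo_conf --raw` prints,
# with unused fields removed. Not taken from any real host.
SAMPLE_AUDIT=$(cat <<'EOF'
type=SYSCALL msg=audit(1735000000.101:201): arch=c000003e syscall=257 success=yes exit=3 uid=995 auid=4294967295 comm="mihomo" exe="/usr/local/bin/mihomo" key="mihomo_conf"
type=SYSCALL msg=audit(1735000100.202:202): arch=c000003e syscall=257 success=yes exit=3 uid=1001 auid=1001 comm="cat" exe="/usr/bin/cat" key="mihomo_conf"
type=SYSCALL msg=audit(1735000200.303:203): arch=c000003e syscall=257 success=no exit=-13 uid=1002 auid=1002 comm="grep" exe="/usr/bin/grep" key="mihomo_conf"
type=SYSCALL msg=audit(1735000300.404:204): arch=c000003e syscall=257 success=yes exit=3 uid=0 auid=1003 comm="vim" exe="/usr/bin/vim" key="mihomo_conf"
type=PATH msg=audit(1735000300.404:204): item=0 name="/etc/mihomo/config.yaml" mode=0100600 ouid=995 ogid=995
EOF
)

# config_reads_by_others SERVICE_UID  < audit-records
# Prints "uid auid comm read|attempt" for every SYSCALL record carrying the
# watch key whose uid differs from SERVICE_UID. auid is the login user, so a
# root (uid=0) read via sudo still names the human behind it. Failed opens
# (success=no) are kept as "attempt": they show someone probing the file.
config_reads_by_others() {
    awk -v svc="$1" '
    /type=SYSCALL/ && /key="mihomo_conf"/ {
        uid = ""; auid = ""; comm = ""; ok = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "uid")     uid  = kv[2]
            if (kv[1] == "auid")    auid = kv[2]
            if (kv[1] == "comm")    comm = kv[2]
            if (kv[1] == "success") ok   = kv[2]
        }
        gsub(/"/, "", comm)
        if (uid != svc) print uid, auid, comm, (ok == "yes" ? "read" : "attempt")
    }'
}

# count_config_reads_by_others SERVICE_UID  < audit-records
# Number of offending records, usable as an alert threshold.
count_config_reads_by_others() {
    config_reads_by_others "$1" | awk 'END { print NR }'
}

# Demonstration on the constructed sample; on a live host pipe in
#   ausearch -k mihomo_conf --raw
printf '%s\n' "$SAMPLE_AUDIT" | config_reads_by_others 995
```

The mihomo process's own read (uid 995) is dropped, the successful `cat` by uid 1001 and the root `vim` started by login user 1003 are reported as reads, and the denied `grep` by uid 1002 is reported as an attempt, which is the case the permission fix turns into the only remaining signal.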
