CVE-2026-25475
📋 TL;DR
OpenClaw versions before 2026.1.30 contain a path traversal vulnerability in the isValidMedia() function that allows arbitrary files on the host to be read. Any user or agent that can supply a specially crafted MEDIA: path can exfiltrate sensitive data. All OpenClaw instances running a vulnerable version are affected.
💻 Affected Systems
- OpenClaw
📦 What is this software?
OpenClaw by OpenClaw
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via exfiltration of sensitive files such as SSH keys, passwords, configuration files and database credentials, potentially leading to lateral movement and full domain takeover.
Likely Case
Unauthorized access to sensitive user data, configuration files, and application secrets stored on the server where OpenClaw is running.
If Mitigated
Limited impact if file permissions are properly restricted and OpenClaw runs with minimal privileges, though some data exposure may still occur.
🎯 Exploit Status
Exploitation requires only the ability to supply input to the media parsing function, which is typically available to any user or agent interacting with OpenClaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.1.30
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq
Restart Required: Yes
Instructions:
1. Stop the OpenClaw service.
2. Update to version 2026.1.30 via the package manager or a manual installation.
3. Restart the OpenClaw service.
4. Verify that the update was successful.
🔧 Temporary Workarounds
Restrict File System Access
Run OpenClaw with minimal file system permissions, using containerization or a restricted user account:
sudo chown -R restricted_user:restricted_user /path/to/openclaw
sudo -u restricted_user node /path/to/openclaw
Input Validation Filter
Add middleware that rejects MEDIA: paths containing traversal sequences before they reach isValidMedia().
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OpenClaw from sensitive systems and data
- Deploy application-level firewalls to block MEDIA: requests containing path traversal patterns
🔍 How to Verify
Check if Vulnerable:
Check whether the OpenClaw version is below 2026.1.30, and test with a MEDIA:../../../etc/passwd payload.
Check Version:
Run openclaw --version, or check the version field in package.json.
Verify Fix Applied:
After updating, test with traversal payloads and verify that they are rejected or sanitized.
📡 Detection & Monitoring
Log Indicators:
- MEDIA: requests containing ../ sequences
- File access errors for unexpected paths
- Multiple failed file access attempts from a single user
Network Indicators:
- Unusual patterns of MEDIA: requests to unexpected file paths
- Increased data egress from OpenClaw instance
SIEM Query:
source="openclaw.log" AND "MEDIA:" AND ("../" OR "/etc/" OR "/home/")