CVE-2025-54141

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54141
Aliases
  • GHSA-rv3m-76rj-q397
Downstream
Published
2025-07-22T21:35:47.844Z
Modified
2025-12-05T10:19:55.107006Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
ViewVC's standalone server exposes arbitrary server filesystem content
Details

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.

Database specific 
{
    "cwe_ids": [
        "CWE-22",
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54141.json"
}
References

Affected packages

Git / github.com/viewvc/viewvc

Affected ranges

Type
GIT
Repo
https://github.com/viewvc/viewvc
Events
Introduced
f4a5b590c96e07004c6e107945094217237dde74
Fixed
62697a2bd00c6e7cf9e6e4b9a6d864b6ce2514db
Database specific 
{
    "versions": [
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.31"
        }
    ]
}
Type
GIT
Repo
https://github.com/viewvc/viewvc
Events
Introduced
3ab6e43ddb3096749c0de4706b8514486c8ba92f
Fixed
2e9c4ad71c4f01ad67fabf56c0cd2217c0c1aabc
Database specific 
{
    "versions": [
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.4"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.2.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54141.json"