Vulnerability Description
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Viewvc | Viewvc | >= 1.1.0, < 1.1.31 |
Related Weaknesses (CWE)
References
- https://github.com/viewvc/viewvc/commit/1dd84542c39b39e4a3f434db84a8ba3441d6a1e7Patch
- https://github.com/viewvc/viewvc/commit/5d7c76be07b77dce4ff631e9b866056344f11e84Patch
- https://github.com/viewvc/viewvc/issues/211ExploitIssue Tracking
- https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397Vendor Advisory
FAQ
What is CVE-2025-54141?
CVE-2025-54141 is a vulnerability with a CVSS score of 7.5 (HIGH). ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distributio...
How severe is CVE-2025-54141?
CVE-2025-54141 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-54141?
Check the references section above for vendor advisories and patch information. Affected products include: Viewvc Viewvc.