Directory Traversal Vulnerability in ViewVC Versions by ViewVC
CVE-2025-54141

7.5HIGH

Key Information:

Vendor: Viewvc
Status: Viewvc
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-54141?

A directory traversal vulnerability exists in the ViewVC browser interface for CVS and Subversion version control repositories. This issue affects versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, allowing attackers to exploit the standalone.py script to access sensitive information from the host server's filesystem. Remediation is available in versions 1.1.31 and 1.2.4, which are recommended for users to ensure the security of their systems.

Affected Version(s)

viewvc >= 1.1.0, < 1.1.31 < 1.1.0, 1.1.31

viewvc >= 1.2.0, < 1.2.4 < 1.2.0, 1.2.4

References

https://github.com/viewvc/viewvc/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/viewvc/viewvc/issues/211

x_refsource_MISC

https://github.com/viewvc/viewvc/commit/1dd84542c39b39e4a...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 16, 2025

Viewvc

What is CVE-2025-54141?

Affected Version(s)

References

CVSS V3.1

Timeline