Unrated severityNVD Advisory· Published Jul 22, 2025· Updated Jul 23, 2025

ViewVC's standalone server exposes arbitrary server filesystem content

CVE-2025-54141

Description

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.

Affected products

Viewvc/Viewvcv5
Range: >= 1.1.0, < 1.1.31

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/viewvc/viewvc/commit/1dd84542c39b39e4a3f434db84a8ba3441d6a1e7mitrex_refsource_MISC
github.com/viewvc/viewvc/commit/5d7c76be07b77dce4ff631e9b866056344f11e84mitrex_refsource_MISC
github.com/viewvc/viewvc/issues/211mitrex_refsource_MISC
github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000