Vulnerability Details CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-54141
-
cpe:2.3:a:viewvc:viewvc:1.1.0
-
cpe:2.3:a:viewvc:viewvc:1.1.1
-
cpe:2.3:a:viewvc:viewvc:1.1.10
-
cpe:2.3:a:viewvc:viewvc:1.1.11
-
cpe:2.3:a:viewvc:viewvc:1.1.12
-
cpe:2.3:a:viewvc:viewvc:1.1.13
-
cpe:2.3:a:viewvc:viewvc:1.1.14
-
cpe:2.3:a:viewvc:viewvc:1.1.15
-
cpe:2.3:a:viewvc:viewvc:1.1.16
-
cpe:2.3:a:viewvc:viewvc:1.1.17
-
cpe:2.3:a:viewvc:viewvc:1.1.18
-
cpe:2.3:a:viewvc:viewvc:1.1.19
-
cpe:2.3:a:viewvc:viewvc:1.1.2
-
cpe:2.3:a:viewvc:viewvc:1.1.20
-
cpe:2.3:a:viewvc:viewvc:1.1.21
-
cpe:2.3:a:viewvc:viewvc:1.1.22
-
cpe:2.3:a:viewvc:viewvc:1.1.23
-
cpe:2.3:a:viewvc:viewvc:1.1.24
-
cpe:2.3:a:viewvc:viewvc:1.1.25
-
cpe:2.3:a:viewvc:viewvc:1.1.26
-
cpe:2.3:a:viewvc:viewvc:1.1.27
-
cpe:2.3:a:viewvc:viewvc:1.1.28
-
cpe:2.3:a:viewvc:viewvc:1.1.29
-
cpe:2.3:a:viewvc:viewvc:1.1.3
-
cpe:2.3:a:viewvc:viewvc:1.1.30
-
cpe:2.3:a:viewvc:viewvc:1.1.4
-
cpe:2.3:a:viewvc:viewvc:1.1.5
-
cpe:2.3:a:viewvc:viewvc:1.1.6
-
cpe:2.3:a:viewvc:viewvc:1.1.7
-
cpe:2.3:a:viewvc:viewvc:1.1.8
-
cpe:2.3:a:viewvc:viewvc:1.1.9
-
cpe:2.3:a:viewvc:viewvc:1.2.0
-
cpe:2.3:a:viewvc:viewvc:1.2.1
-
cpe:2.3:a:viewvc:viewvc:1.2.2
-
cpe:2.3:a:viewvc:viewvc:1.2.3