CNNVD-202507-2944 Information

Jul 22, 2025 cve

CNNVD ID

CNNVD-202507-2944

CVE-2025-54141

CNNVD Published: 2025-07-22

Description (Chinese)

ViewVC是ViewVC开源的一款基于Web的CVS、SVN代码仓库浏览工具。 ViewVC 1.1.0至1.1.31版本和1.2.0至1.2.3版本存在路径遍历漏洞，该漏洞源于standalone.py脚本存在目录遍历，可能导致主机文件系统内容泄露。

Description (English)

ViewVC is a Web-based CVS, SVN-code repository viewer for ViewVC open source. ViewVC Versions 1.1.0 to 1.1.31 and 1.2.0 to 1.2.2.3 have path-to-way loopholes, which stem from the presence of directories in Standalone.py scripts, which may lead to the leaking of the contents of the host file system.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

ViewVC

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397 https://github.com/viewvc/viewvc/commit/1dd84542c39b39e4a3f434db84a8ba3441d6a1e7 https://github.com/viewvc/viewvc/commit/5d7c76be07b77dce4ff631e9b866056344f11e84 https://github.com/viewvc/viewvc/issues/211 https://access.redhat.com/security/cve/cve-2025-54141 https://nvd.nist.gov/vuln/detail/CVE-2025-54141

Patch

https://viewvc.org/downloads/

Share on: