CVE-2025-54141
Published: 22 July 2025
Summary
CVE-2025-54141 is a high-severity Path Traversal (CWE-22) vulnerability in Viewvc Viewvc. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 25.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22380
Vulnerability details
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a…
more
directory traversal-style attack. This is fixed in versions 1.1.31 and 1.2.4.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.