FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

viewvc -- Arbitrary server filesystem content

Affected packages
1.1.0 <= viewvc <= 1.1.30
1.2.0 <= viewvc <= 1.2.3
viewvc-devel < 1.3.0.20250316_1

Details

VuXML ID c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954
Discovery 2025-07-22
Entry 2025-07-25

cmpilato reports:

The ViewVC standalone web server (standalone.py) is a script provided in the ViewVC distribution for the purposes of quickly testing a ViewVC configuration. This script can in particular configurations expose the contents of the host server's filesystem through a directory traversal-style attack.

References

CVE Name CVE-2025-54141
URL https://nvd.nist.gov/vuln/detail/CVE-2025-54141