CVE-2025-55201
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-08-18
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copier | copier | < 9.9.1 (fixed in 9.9.1) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55201 affects the Copier Python package before version 9.9.1. Copier exposed `pathlib.Path` objects in the Jinja template context; unlike a pure path, a `pathlib.Path` carries unrestricted filesystem I/O methods (`read_text`, `write_text`, `unlink` and so on), so any template expression that can reach such an object can call them. Copier's security model is meant to confine a template's filesystem access to its own subtree; a malicious template could instead read sensitive files anywhere on the filesystem and overwrite or delete files anywhere the user running Copier is allowed to. This is path traversal (CWE-22) reached through the template language rather than through an unsanitised path string. [1]
How can this vulnerability impact me?
A malicious template can read files the template should never see (confidentiality), modify or overwrite files (integrity), and delete files or whole directories (availability). An attacker can exfiltrate secrets such as SSH private keys by reading them from disk and embedding their contents in the generated project files, or simply destroy data. The only precondition is that someone runs Copier on the attacker's template: no elevated privileges are needed, and nothing is required of the user beyond the normal `copier copy` invocation. The template runs with the full permissions of the invoking user, so the damage is bounded only by that user's access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is local: it is triggered by running Copier on a malicious template, so there is no network signature to look for. Detection means finding installations older than 9.9.1. Query the package in each Python environment that has it, for example with `pip show copier` (or `python -m pip show copier`), or ask the tool itself with `copier --version`; any version below 9.9.1 is vulnerable. Copier installed through pipx or a similar tool manager lives in its own environment, so check each one, and also review pinned versions in requirements files, lockfiles and CI images. To detect actual exploitation, audit files generated from an untrusted template for embedded key material or other secrets, and use filesystem auditing on the host that runs Copier (auditd on Linux, for example) to spot reads and writes outside the template and destination directories. [1]
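The version check above, written out as a small script. This is an added example, not Copier's own tooling: it decides whether an installed or pinned `copier` version predates the 9.9.1 fix, using only the standard library. The `SAMPLE_REQUIREMENTS` lines are constructed for the example; `installed_copier_version()` reports on the Python environment the script runs in, so a pipx- or uv-managed Copier must be checked from inside its own environment.

```python
"""Added example (not Copier's own tooling): is the installed or pinned
copier version older than the 9.9.1 fix for CVE-2025-55201?"""
from __future__ import annotations

import re
from importlib import metadata

FIXED_VERSION = (9, 9, 1)  # first release with the PurePath fix


def parse_version(text: str) -> tuple[int, ...]:
    """Leading dotted integers of a version string. Pre-release and local
    suffixes such as 'rc1' or '+local' are ignored (they sort as the base)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version sorts before 9.9.1 (tuple comparison)."""
    return parse_version(version) < FIXED_VERSION


def installed_copier_version() -> str | None:
    """Version of copier in this interpreter's environment, or None if absent."""
    try:
        return metadata.version("copier")
    except metadata.PackageNotFoundError:
        return None


# Exact pins only: 'copier==X.Y.Z', case-insensitive, ignoring comments.
PIN_RE = re.compile(r"^\s*copier\s*==\s*([^\s;#]+)", re.IGNORECASE)


def audit_pins(lines: list[str]) -> list[tuple[str, bool]]:
    """Scan requirements-style lines for exact copier pins.
    Returns (pinned_version, vulnerable) pairs in file order."""
    found: list[tuple[str, bool]] = []
    for line in lines:
        m = PIN_RE.match(line)
        if m:
            found.append((m.group(1), is_vulnerable(m.group(1))))
    return found


# Constructed sample requirements lines (not taken from any real project).
SAMPLE_REQUIREMENTS = [
    "jinja2==3.1.4",
    "copier==9.8.0          # old pin",
    "Copier==9.9.1",
    "# copier==1.0.0 commented out, must be skipped",
]

if __name__ == "__main__":
    v = installed_copier_version()
    if v is None:
        print("copier is not installed in this environment")
    else:
        print(f"copier {v}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
    for pinned, vuln in audit_pins(SAMPLE_REQUIREMENTS):
        print(f"pin copier=={pinned}: {'VULNERABLE' if vuln else 'fixed'}")
```

Run it inside every environment that can execute Copier; a clean result in one virtualenv says nothing about a pipx-installed copy.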
What immediate steps should I take to mitigate this vulnerability?
Upgrade copier to 9.9.1 or later. The fix replaces the `pathlib.Path` objects in the Jinja context with `pathlib.PurePath`, which still supports path arithmetic (`parent`, `joinpath`, `with_suffix`) but has no methods that read, write or delete files, so a template can no longer reach the filesystem through them. There is no workaround other than upgrading: until then, run Copier only on templates whose source you trust and have reviewed, and restrict its use to trusted users and environments. [1, 2]
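The mechanism described in the explanation above and the fix described here, shown side by side as an added example that is not Copier's code. The context layout (`{"_copier_conf": {"src_path": ...}}`) is an assumed stand-in for Copier's real template context, and `eval_chain()` is a simplified model of how Jinja resolves an expression like `{{ a.b(c) }}` (attribute lookup via `getattr`, then a call); the "secret" file is constructed sample data. With a `pathlib.Path` in the context the template climbs out of the template directory and reads the file; with a `pathlib.PurePath` the same expression fails because `read_text` does not exist.

```python
"""Added example (not Copier's code): a pathlib.Path in a Jinja context
carries filesystem I/O methods; a pathlib.PurePath does not."""
from __future__ import annotations

import tempfile
from pathlib import Path, PurePath

# pathlib.Path methods that touch the filesystem (a representative subset).
IO_METHODS = (
    "read_text", "read_bytes", "write_text", "write_bytes", "open",
    "unlink", "rmdir", "mkdir", "rename", "iterdir",
)


def io_surface(obj: object) -> list[str]:
    """Names of filesystem I/O methods reachable from an object in a template."""
    return [m for m in IO_METHODS if callable(getattr(obj, m, None))]


def build_context(src_path, *, hardened: bool) -> dict:
    """Assumed model of the value Copier exposes as _copier_conf.src_path.
    hardened=False mirrors pre-9.9.1 (a concrete Path with I/O methods);
    hardened=True mirrors the fix (a PurePath: path arithmetic only)."""
    value = PurePath(src_path) if hardened else Path(src_path)
    return {"_copier_conf": {"src_path": value}}


def eval_chain(ctx: dict, chain: list[tuple[str, tuple | None]]):
    """Resolve a Jinja-style expression such as
    {{ _copier_conf.src_path.parent.joinpath('id_ed25519').read_text() }}.
    Each step is (name, args): look the name up (dict key, else attribute)
    and call the result when args is not None. Jinja's own attribute lookup
    ends in getattr() the same way, which is why Path methods are reachable."""
    obj = ctx
    for name, args in chain:
        obj = obj[name] if isinstance(obj, dict) else getattr(obj, name)
        if args is not None:
            obj = obj(*args)
    return obj


# The escape a malicious template would attempt: step out of the template
# directory and read a file that is not part of the template subtree.
ESCAPE = [
    ("_copier_conf", None),
    ("src_path", None),
    ("parent", None),
    ("joinpath", ("id_ed25519",)),
    ("read_text", ()),
]


def demo(*, hardened: bool) -> str:
    """Create a template dir plus a constructed 'secret' beside it, then run
    ESCAPE against the Path-based or the PurePath-based context."""
    with tempfile.TemporaryDirectory() as tmp:
        template_dir = Path(tmp) / "template"
        template_dir.mkdir()
        # Constructed sample data standing in for a real private key.
        (Path(tmp) / "id_ed25519").write_text("PRIVATE KEY (constructed sample)\n")

        ctx = build_context(template_dir, hardened=hardened)
        try:
            return eval_chain(ctx, ESCAPE)
        except AttributeError as exc:  # PurePath has no read_text()
            return f"blocked: {exc}"


if __name__ == "__main__":
    print("Path in context     ->", demo(hardened=False).strip())
    print("PurePath in context ->", demo(hardened=True))
    print("I/O surface, Path    :", io_surface(Path(".")))
    print("I/O surface, PurePath:", io_surface(PurePath(".")))
```

The same `io_surface()` check is a useful habit when reviewing any template or sandbox context: anything exposed to untrusted template code should be data or a pure value type, never an object that can open, write or delete files.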