CVE-2025-55214
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-08-18
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copier | copier | 7.1.0 |
| copier | copier | 9.9.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can impact you by allowing malicious Copier templates to write or overwrite files outside the intended project directory. If exploited, it can lead to unauthorized modification of arbitrary files on your filesystem, limited only by your user permissions. This can cause data loss, corruption, or disruption of system or application files, potentially leading to system instability or other harmful effects. The attack requires local access and some user interaction but does not require elevated privileges. [2]
Can you explain this vulnerability to me?
CVE-2025-55214 is a vulnerability in the Copier library and CLI app used for rendering project templates. It occurs because Copier allows templates that are considered "safe" to write files outside the intended destination directory. This happens when a template uses path constructions that resolve to parent directories or absolute paths outside the target folder, exploiting Copier's built-in Jinja filter `pathjoin` and the platform-native path separator variable. As a result, a malicious template author can craft templates that overwrite arbitrary files on the filesystem within the user's write permissions, potentially causing damage or disruption. This vulnerability affects Copier versions from 7.1.0 up to but not including 9.9.1 and is fixed in version 9.9.1. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether Copier templates attempt to write files outside the intended destination directory using relative parent paths or absolute paths. Specifically, look for templates that combine the Jinja filter `pathjoin` with `_copier_conf.sep` to build paths containing `..` components or absolute paths. Since the vulnerability involves unauthorized file writes outside the project directory, you can also monitor file system changes outside the expected directories during Copier runs. The resources provide no explicit commands, but you can audit Copier template files for uses of `pathjoin` with `'..'` or absolute paths, and monitor file system writes outside the project directory during template rendering. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade Copier to version 9.9.1 or later, where the vulnerability is fixed by enforcing strict path validation to prevent writing outside the destination directory. Until upgrading, avoid using untrusted or unsafe templates, especially those that might use `pathjoin` to escape the project directory. Additionally, do not run Copier with Python optimizations (`python -O`), as this disables assertions that help prevent absolute path escapes. Monitoring and restricting write permissions can also help limit the impact. [1, 2]
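As an added illustration of the audit and the post-render check described above (example code written for this page, not Copier's own implementation), the script below flags Jinja expressions that combine `pathjoin` with `'..'` or `_copier_conf.sep`, and rejects any rendered output path that does not resolve inside the destination directory. The template text and destination path are constructed samples.

```python
import re
from pathlib import Path

# Any {{ ... }} Jinja expression in a template file name or body.
JINJA_EXPR = re.compile(r"\{\{.*?\}\}", re.DOTALL)
# Heuristic markers (assumption for this example): a pathjoin expression that also
# carries a parent-directory component or the native separator variable deserves review.
ESCAPE_MARKERS = ("'..'", '".."', "_copier_conf.sep")


def find_suspicious_path_exprs(template_text):
    """Return every Jinja expression that uses pathjoin together with an escape marker."""
    hits = []
    for match in JINJA_EXPR.finditer(template_text):
        expr = match.group(0)
        if "pathjoin" in expr and any(marker in expr for marker in ESCAPE_MARKERS):
            hits.append(expr)
    return hits


def is_within_destination(dst_root, rendered_rel_path):
    """Post-render guard: the final path must resolve inside dst_root.

    Path(dst_root, absolute_path) discards dst_root, and resolve() collapses '..',
    so both absolute and parent-directory escapes end up outside the root and are rejected.
    """
    root = Path(dst_root).resolve()
    candidate = Path(dst_root, rendered_rel_path).resolve()
    return candidate == root or root in candidate.parents


# Constructed sample template text, not taken from any real Copier template.
SAMPLE_TEMPLATE = """
{{ project_name }}/README.md
{{ ["src", "main.py"] | pathjoin }}
{{ ["..", "outside.txt"] | pathjoin }}
{{ [_copier_conf.sep, "etc", "cron.d", "job"] | pathjoin }}
"""

if __name__ == "__main__":
    for expr in find_suspicious_path_exprs(SAMPLE_TEMPLATE):
        print("review:", expr)
    dst = "/tmp/copier_dst_example"  # constructed destination, need not exist
    for rel in ("src/main.py", "../outside.txt", "/etc/cron.d/job"):
        print(rel, "->", "ok" if is_within_destination(dst, rel) else "REJECTED")
```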