CVE Daily

CVE-2025-55201

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a sa...

High CVSS 8.5

Overview

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t. filesystem access useless. This vulnerability is fixed in 9.9.1.

CWE: CWE-22 Published: 2025-08-18T17:15:29.933
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags