Description

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t. filesystem access useless. This vulnerability is fixed in 9.9.1.

INFO

Published Date :

2025-08-18T16:21:25.576Z

Last Modified :

2025-08-18T17:37:53.420Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55201 vulnerability.

Vendors Products
Copier-org
  • Copier
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55201.

URL Resource
https://github.com/copier-org/copier/commit/3feea3b3ff3c20d80cbb16a2f3b9567ffc5606d1 cve-icon cve-icon
https://github.com/copier-org/copier/commit/fdbc0167cc22780b497e4db176feaf6f024757d6
https://github.com/copier-org/copier/security/advisories/GHSA-3xw7-v6cj-5q8h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability