Path Traversal in Copier-org Copier

CVE-2025-55201

Copier is a library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O me…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (18.4th percentile)

Frequently asked questions

What is CVE-2025-55201?
CVE-2025-55201 is a vulnerability in Copier-org Copier, classified under Path Traversal. Published 2025-08-18.

Is CVE-2025-55201 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.