
CVE-2025-55214: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in copier-org copier

Medium
Tags: Vulnerability, CVE-2025-55214, CWE-22
Published: Mon Aug 18 2025 (08/18/2025, 16:36:46 UTC)
Source: CVE Database V5
Vendor/Project: copier-org
Product: copier

Description

Copier is a library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions, which would require passing the --UNSAFE/--trust flag. As it turns out, a safe template can write files outside the destination path where a project is to be generated or updated. This is possible when rendering a generated directory structure whose rendered path is either a relative parent path or an absolute path. Constructing such paths is possible using Copier's builtin pathjoin Jinja filter and its builtin _copier_conf.sep variable, which is the platform-native path separator. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user's write permissions), e.g., to cause havoc. This vulnerability is fixed in 9.9.1.

AI-Powered Analysis

Last updated: 08/18/2025, 17:03:46 UTC

Technical Analysis

CVE-2025-55214 is a path traversal vulnerability in the Copier library and CLI application, versions 7.1.0 up to but not including 9.9.1. Copier is a tool used to render project templates, designed to generate or update project files from predefined templates. The vulnerability arises because Copier incorrectly assumes that templates marked as safe (i.e., those not requiring the --UNSAFE or --trust flags) cannot write files outside the intended project directory. However, a malicious template author can exploit the built-in Jinja filter 'pathjoin' combined with the '_copier_conf.sep' variable (which represents the platform-native path separator) to craft directory paths that traverse outside the target directory. This allows the template to write or overwrite arbitrary files on the filesystem, limited only by the user's write permissions. Such unauthorized file writes can lead to data corruption, privilege escalation attempts, or disruption of system operations. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has a CVSS v4.0 score of 6.9 (medium severity). Exploitation requires local access and user interaction (running Copier with a malicious template), but no authentication or elevated privileges are required to trigger the issue. The vulnerability was fixed in version 9.9.1 of Copier.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, especially for development teams or automation pipelines that use Copier to generate projects from templates. If a malicious or compromised template is introduced, either from an untrusted source or via a supply chain attack, it could lead to unauthorized overwriting of critical files on developer machines or build servers. This could result in corrupted source code, compromised build artifacts, or even insertion of malicious code, potentially cascading into production environments. The impact is heightened in environments where Copier is used in automated CI/CD pipelines without strict template validation. Confidentiality impact is limited, since the vulnerability primarily allows file overwrite rather than direct data exfiltration, but integrity and availability can be significantly affected. Given the medium CVSS score and the requirement for user interaction, the threat is moderate but should not be underestimated in sensitive or high-security environments.

Mitigation Recommendations

1. Upgrade Copier to version 9.9.1 or later immediately to apply the official patch that fixes this path traversal vulnerability.
2. Implement strict validation and vetting of all templates before use, especially those sourced externally or from third parties.
3. Restrict Copier usage to trusted users and environments, minimizing exposure to untrusted templates.
4. Employ filesystem monitoring tools to detect unexpected file writes or modifications outside designated project directories during template rendering.
5. Integrate template scanning tools or static analysis to detect suspicious path traversal patterns in templates before execution.
6. Use containerized or sandboxed environments for template rendering to limit the impact of potential file overwrites.
7. Educate developers and DevOps teams about the risks of using untrusted templates and the importance of applying the --UNSAFE or --trust flags only when absolutely necessary and with caution.
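The root cause described above is that a rendered directory or file path was written without confirming it still lies inside the destination directory. The following is an added example, not Copier's own code, of the containment check a generator (or a pre-write audit step of the kind mitigations 4 and 5 call for) should apply to every rendered output path: absolute paths are refused outright, and the joined path is resolved and required to be at or below the destination root. The destination root and the rendered sample paths are constructed values for the demo; the function names `safe_destination`, `is_contained` and `audit_rendered_paths` are this example's own.

```python
"""Destination-containment check for rendered template paths.

Added example, not Copier's own code. Before writing a file whose path came
out of template rendering, verify that the final, resolved path still lies
inside the destination directory. Parent-relative paths and absolute paths,
the two escape routes named in the advisory, are rejected.
"""
from __future__ import annotations

import os
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a rendered path would land outside the destination root."""


def safe_destination(dst_root: str, rendered: str) -> Path:
    """Return the absolute write target for `rendered`, or raise UnsafePathError.

    Rules enforced:
      * an absolute rendered path is rejected outright, even one that happens
        to point back into the root: a template has no business naming
        absolute locations;
      * the joined path is fully resolved ('..' segments and symlinks) and must
        be the root itself or a descendant of it.
    """
    root = Path(dst_root).resolve()
    # os.path.isabs also catches rooted-but-driveless paths on Windows.
    if os.path.isabs(rendered) or Path(rendered).is_absolute():
        raise UnsafePathError(f"absolute path not allowed: {rendered!r}")
    target = (root / rendered).resolve()
    # Path.relative_to raises ValueError when target is not at or below root.
    try:
        target.relative_to(root)
    except ValueError:
        raise UnsafePathError(f"path escapes destination: {rendered!r}") from None
    return target


def is_contained(dst_root: str, rendered: str) -> bool:
    """Boolean form of safe_destination, convenient for filtering and tests."""
    try:
        safe_destination(dst_root, rendered)
    except UnsafePathError:
        return False
    return True


def audit_rendered_paths(dst_root: str, rendered_paths: list[str]) -> dict[str, bool]:
    """Map each rendered path to True (safe to write) or False (would escape).

    This is the shape of check an audit step would run over the full list of
    output paths before anything is written to disk.
    """
    return {p: is_contained(dst_root, p) for p in rendered_paths}


if __name__ == "__main__":
    # Constructed sample: a destination root and a handful of rendered paths.
    root = "/tmp/generated-project"
    samples = [
        "src/main.py",           # ordinary nested file: allowed
        "docs/../README.md",     # '..' that still normalises inside root: allowed
        "../sibling/notes.txt",  # parent-relative, leaves the root: rejected
        "/abs/elsewhere.txt",    # absolute: rejected
    ]
    for path, ok in audit_rendered_paths(root, samples).items():
        print(f"{'ALLOW ' if ok else 'REJECT'}  {path}")
```

The check is deliberately applied to the fully resolved path rather than to the template text, so it catches escapes regardless of how the path was assembled (literal `..` segments, the `pathjoin` filter with `_copier_conf.sep`, or a symlink already present in the destination). Running the resolve step against the real filesystem is what makes the symlink case work; the cost is that the destination root must be known at check time.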


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-08T21:55:07.967Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68a3592dad5a09ad00b0a8b6

Added to database: 8/18/2025, 4:47:41 PM

Last enriched: 8/18/2025, 5:03:46 PM

Last updated: 8/19/2025, 12:34:27 AM

Views: 4
