CVE-2025-54796 — HIGH (7.5)

Q: How severe is CVE-2025-54796?

CVE-2025-54796 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-54796?

Check the references section above for vendor advisories and patch information. Affected products include: 9001 Copyparty.

Vulnerability Description

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
9001	Copyparty	< 1.18.9

Related Weaknesses (CWE)

CWE-833 CWE-400 CWE-1333

References

https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd8Patch
https://github.com/9001/copyparty/releases/tag/v1.18.9Release Notes
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6ExploitVendor Advisory
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6ExploitVendor Advisory

FAQ

What is CVE-2025-54796?

CVE-2025-54796 is a vulnerability with a CVSS score of 7.5 (HIGH). Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attack...

How severe is CVE-2025-54796?

CVE-2025-54796 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-54796?

Check the references section above for vendor advisories and patch information. Affected products include: 9001 Copyparty.