CVE-2025-54796

Exploit

EPSS 0.07%
Published 01.08.2025 23:38:27
Last modified 12.09.2025 16:13:54
Source security-advisories@github.com
Teams watchlist Login
Open Login

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

Affected products Warnungen 0 Metrics 2 CWE 3 References 6

Data is provided by the National Vulnerability Database (NVD)

9001 ≫ Copyparty Version < 1.18.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-833 Deadlock

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6

Vendor Advisory

Exploit

https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83

Patch

https://github.com/9001/copyparty/releases/tag/v1.18.9

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-54796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54796

EUVD