Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83 | Patch | 
| https://github.com/9001/copyparty/releases/tag/v1.18.9 | Release Notes | 
| https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 | Exploit Vendor Advisory | 
| https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 | Exploit Vendor Advisory | 
Configurations
                    History
                    12 Sep 2025, 16:13
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | 9001 copyparty 9001 | |
| Summary | (es) Copyparty es un servidor de archivos portátil. En versiones anteriores a la 1.18.9, el parámetro de filtro de la página "Subidas recientes" permite expresiones regulares arbitrarias. Si esta función está habilitada (por defecto), un atacante puede manipular un filtro que bloquee el servidor. Esto se solucionó en la versión 1.18.9. | |
| References | () https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83 - Patch | |
| References | () https://github.com/9001/copyparty/releases/tag/v1.18.9 - Release Notes | |
| References | () https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 - Exploit, Vendor Advisory | |
| CPE | cpe:2.3:a:9001:copyparty:*:*:*:*:*:*:*:* | 
04 Aug 2025, 16:15
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 - | 
04 Aug 2025, 15:06
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | 
 | 
02 Aug 2025, 00:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-08-02 00:15
Updated : 2025-09-12 16:13
NVD link : CVE-2025-54796
Mitre link : CVE-2025-54796
CVE.ORG link : CVE-2025-54796
JSON object : View
Products Affected
                9001
- copyparty
