CVE-2025-54796 – Copyparty versions before 1.18.9 have a vulnera... (How to Fix)

Q: What is the severity of CVE-2025-54796?

CVE-2025-54796 has a CVSS score of 7.5 (HIGH). Copyparty versions before 1.18.9 have a vulnerability where the filter parameter on the 'Recent Uploads' page accepts arbitrary regular expressions. When enabled (default configuration), attackers can craft malicious filters that cause server deadlocks, leading to denial of service. All users running vulnerable versions with the default configuration are affected.

📋 TL;DR

Copyparty versions before 1.18.9 have a vulnerability where the filter parameter on the 'Recent Uploads' page accepts arbitrary regular expressions. When enabled (default configuration), attackers can craft malicious filters that cause server deadlocks, leading to denial of service. All users running vulnerable versions with the default configuration are affected.

💻 Affected Systems

Products:

Copyparty

Versions: All versions prior to 1.18.9

Operating Systems: All platforms running Copyparty

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable feature is enabled by default in affected versions.

📦 What is this software?

Copyparty by 9001

View all CVEs affecting Copyparty →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server deadlock causing sustained denial of service, requiring manual intervention to restore service.

🟠

Likely Case

Temporary service disruption affecting file server availability until the deadlock is resolved.

🟢

If Mitigated

Minimal impact if feature is disabled or proper input validation is implemented.

🌐 Internet-Facing: HIGH - Internet-facing servers are directly accessible to attackers who can exploit this without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires crafting specific regular expressions that cause processing deadlocks. No authentication is required to access the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.18.9

Vendor Advisory: https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6

Restart Required: Yes

Instructions:

1. Download version 1.18.9 or later from GitHub releases. 2. Replace existing Copyparty installation with the updated version. 3. Restart the Copyparty service.

🔧 Temporary Workarounds

Disable Recent Uploads Filter Feature

all

Disable the vulnerable filter parameter functionality in configuration

Edit copyparty configuration to set '--no-recent-filter' or equivalent setting

Restrict Access to Recent Uploads Page

all

Use network controls or authentication to limit access to the vulnerable endpoint

Configure firewall rules or authentication requirements for the /recent endpoint

🧯 If You Can't Patch

Implement network segmentation to restrict access to Copyparty instances
Deploy web application firewall (WAF) rules to block malicious regular expression patterns

🔍 How to Verify

Check if Vulnerable:

Check if running Copyparty version earlier than 1.18.9 and if the recent uploads feature is enabled

Check Version:

Check Copyparty startup logs or run with --version flag if available

Verify Fix Applied:

Confirm version is 1.18.9 or later and test that crafted regex filters no longer cause deadlocks

📡 Detection & Monitoring

Log Indicators:

Unusual patterns in recent uploads filter requests
Server process hanging or high CPU usage without completion
Multiple failed requests to /recent endpoint

Network Indicators:

Unusually long HTTP requests to /recent endpoint with complex filter parameters
Sudden drop in server responsiveness

SIEM Query:

source="copyparty.log" AND (uri_path="/recent" AND filter=*) AND (process_hang OR cpu_usage>90)

📊 Metadata

CVE ID: CVE-2025-54796

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 0.06% exploit probability (19.1th percentile)

Published: August 2, 2025

Last Updated: September 12, 2025

🔗 References

https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83 Patch
https://github.com/9001/copyparty/releases/tag/v1.18.9 Release Notes
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 Exploit,Vendor Advisory
https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6 Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-54796, you might also want to check these: