CVE-2025-54796
BaseFortify
Publication date: 2025-08-02
Last updated on: 2025-09-12
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 9001 | copyparty | < 1.18.9 (1.18.9 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-833 | The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. |
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Copyparty versions prior to 1.18.9, where the filter parameter for the "Recent Uploads" page allows arbitrary regular expressions (RegExes). If this feature is enabled (which it is by default), an attacker can craft a malicious filter that causes the server to deadlock, effectively making it unresponsive. This issue was fixed in version 1.18.9.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can cause the Copyparty server to deadlock, leading to a denial of service (DoS) condition. This means the server becomes unresponsive and unavailable to legitimate users, potentially disrupting access to files and services provided by the server.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Copyparty to version 1.18.9 or later, as this version fixes the vulnerability related to arbitrary RegEx filters causing server deadlocks. Additionally, if possible, disable the filter feature on the "Recent Uploads" page until the upgrade is applied.
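To illustrate the class of defect, the following added example (not copyparty's code and not its actual 1.18.9 fix) contrasts a handler that compiles a request parameter as a regular expression with one that treats the filter as a bounded literal substring; the upload list, function names and the length cap are constructed for the example.

```python
import re

# Constructed sample of a "recent uploads" listing; not real copyparty data.
RECENT_UPLOADS = [
    "photos/a.b.jpg",
    "photos/axb.jpg",
    "docs/report-2025.pdf",
    "docs/REPORT-final.pdf",
]

# Hypothetical cap on filter length, chosen for this example only.
MAX_FILTER_LEN = 64


def filter_recent_vulnerable(uploads, user_filter):
    """Pre-1.18.9 style behaviour: the request parameter is compiled as a
    regular expression, so the client controls the pattern's worst-case
    complexity (CWE-1333) and can tie up the worker that runs the search."""
    rx = re.compile(user_filter)
    return [name for name in uploads if rx.search(name)]


def filter_recent_hardened(uploads, user_filter):
    """Hardened handling: the filter is a bounded, case-insensitive literal.
    re.escape() neutralises every metacharacter, so the compiled pattern is a
    plain substring search and no caller-chosen quantifiers can appear."""
    if len(user_filter) > MAX_FILTER_LEN:
        raise ValueError("filter too long")
    rx = re.compile(re.escape(user_filter), re.IGNORECASE)
    return [name for name in uploads if rx.search(name)]


if __name__ == "__main__":
    # "a.b" is a regex (dot matches any char) in the first call and a
    # literal in the second; only the hardened version returns one file.
    print(filter_recent_vulnerable(RECENT_UPLOADS, "a.b"))
    print(filter_recent_hardened(RECENT_UPLOADS, "a.b"))
```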