JavaScript Code Execution Vulnerability in copyparty by 9001
CVE-2025-54423
Currently unrated
What is CVE-2025-54423?
The copyparty file server, in versions up to and including 1.18.4, is susceptible to a security flaw that permits unauthenticated attackers to execute arbitrary JavaScript in the browsers of users accessing multimedia files. This arises due to inadequate sanitization of multimedia tags, particularly in music file formats like m3u. The vulnerability has been addressed in version 1.18.5, reinforcing the importance of regular software updates to maintain security.