Reflected XSS Vulnerability in Copyparty File Server by 9001
CVE-2025-54589

6.3 MEDIUM

Key Information:

Vendor: 9001

CVE Published: 31 July 2025

What is CVE-2025-54589?

A reflected XSS vulnerability exists in the recent uploads page of Copyparty versions 1.18.6 and earlier. User-entered filter parameters are reflected directly into a <script> block, which lets an attacker execute arbitrary scripts in the context of users' browsers. This poses a risk for both authenticated and unauthenticated users interacting with the affected application. Users are advised to update to Copyparty version 1.18.7, which addresses this security flaw.
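The bug class described above, shown as an added example that is not Copyparty's code: a request parameter concatenated into an inline script block, next to an encoder that keeps the value inside a JavaScript string literal. The function names, the `filter` variable and the probe string are assumptions made for illustration.

```python
import json

# Characters an HTML parser acts on inside <script>, even when they sit in a
# valid JS string literal. Emit them as \uXXXX escapes instead.
# (json.dumps with its default ensure_ascii=True already escapes U+2028/U+2029.)
SCRIPT_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def js_literal(value: str) -> str:
    """Encode value as a JS string literal that is safe inside <script>."""
    out = json.dumps(value)  # quotes, backslashes, control characters
    for ch, esc in SCRIPT_UNSAFE.items():
        out = out.replace(ch, esc)
    return out


def render_unsafe(filter_value: str) -> str:
    # The pattern described above: the raw parameter lands in the script block.
    return '<script>var filter = "' + filter_value + '";</script>'


def render_safe(filter_value: str) -> str:
    return "<script>var filter = " + js_literal(filter_value) + ";</script>"


def script_body(page: str) -> str:
    """Return the text an HTML parser treats as the script's content."""
    start = page.index("<script>") + len("<script>")
    end = page.lower().index("</script", start)
    return page[start:end]


# Constructed probe input: a quote and a closing tag, no active content.
PROBE = 'x"</script><i>probe'

if __name__ == "__main__":
    # Unsafe: the script block ends early and the rest becomes page markup.
    print(script_body(render_unsafe(PROBE)))
    # Safe: the whole value stays inside one string literal.
    print(script_body(render_safe(PROBE)))
```

HTML-entity escaping is the wrong tool here because entities are not decoded inside a script element; the value has to be encoded for the JavaScript context and for the HTML tokenizer at the same time.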

Affected Version(s)

copyparty < 1.18.7

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
