Missing Permission Check in Copyparty's Shares Feature
CVE-2025-58753

5.3MEDIUM

Key Information:

Vendor

9001

Status
Copyparty
Vendor
CVE Published:
9 September 2025

What is CVE-2025-58753?

Copyparty, a portable file server, had a vulnerability in its shares feature allowing unauthorized access to files within a shared folder. This issue arose due to a missing permission check, where it was feasible to guess filenames and access sibling files despite sharing options intended for single file access. However, access to files within subdirectories remained restricted. The vulnerability has been resolved in version 1.19.8.

Affected Version(s)

copyparty < 1.19.8

References

https://github.com/9001/copyparty/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/9001/copyparty/commit/e0a92ba72d460742...
x_refsource_MISC
https://github.com/9001/copyparty/releases/tag/v1.19.8
x_refsource_MISC

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-58753 : Missing Permission Check in Copyparty's Shares Feature