CVE-2025-58753

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.19.8

Description: Copyparty is a portable file server. A missing permission-check in the shares feature (shr global-option) allowed access to sibling files within a shared folder by guessing filenames when a share was created for only one file inside that folder. Access was limited to sibling files and did not extend to subdirectories. This issue did not affect filekeys or dirkeys.

Recommendations: Update to version 1.19.8 or later.

Exploit

Fix

Missing Authorization

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-552

Related Identifiers

CVE-2025-58753

GHSA-PXVW-4W88-6X95

Affected Products

Copyparty

CVE-2025-58753

Weakness Enumeration

Related Identifiers

Affected Products

References · 12