Description

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.

INFO

Published Date :

2025-07-28T19:53:24.109Z

Last Modified :

2025-07-28T20:20:15.875Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54423 vulnerability.

Vendors Products
9001
  • Copyparty
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54423.

URL Resource
https://github.com/9001/copyparty/commit/895880aeb0be0813ddf732487596633f8f9fc3a6 cve-icon cve-icon
https://github.com/9001/copyparty/releases/tag/v1.18.5 cve-icon cve-icon
https://github.com/9001/copyparty/security/advisories/GHSA-9q4r-x2hj-jmvr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact