
CVE-2025-54423: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 9001 copyparty

Medium
Tags: Vulnerability, CVE-2025-54423, cve, cve-2025-54423, cwe-79
Published: Mon Jul 28 2025 (07/28/2025, 19:53:24 UTC)
Source: CVE Database V5
Vendor/Project: 9001
Product: copyparty

Description

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.

AI-Powered Analysis

AI analysis last updated: 07/28/2025, 20:17:43 UTC

Technical Analysis

CVE-2025-54423 is a medium-severity cross-site scripting (XSS) vulnerability affecting copyparty, a portable file server software developed by 9001. The vulnerability exists in versions up to and including 1.18.4. It arises from improper sanitization of multimedia tags embedded within music files, including m3u playlist files. An unauthenticated attacker can exploit this flaw by crafting malicious multimedia files containing JavaScript code. When a victim accesses these files through the vulnerable copyparty server, the embedded script executes in the victim's browser context. This can lead to unauthorized actions such as session hijacking, defacement, or redirection to malicious sites. The vulnerability does not require authentication but does require user interaction, specifically the victim viewing or interacting with the malicious multimedia content served by copyparty. The issue is fixed in version 1.18.5. The CVSS v3.1 base score is 5.4, reflecting a network attack vector, low attack complexity, no privileges required, but user interaction needed, and limited confidentiality and integrity impact without availability impact. No known exploits in the wild have been reported as of the publication date.

Potential Impact

For European organizations using copyparty versions prior to 1.18.5, this vulnerability poses a risk of client-side code execution in users' browsers. This can lead to theft of session tokens, unauthorized access to user accounts, or manipulation of user interactions with the file server. Organizations relying on copyparty for file sharing or internal distribution of multimedia content could see compromised user trust and potential data leakage. Although the vulnerability does not directly compromise server integrity or availability, the indirect effects of XSS attacks—such as phishing or malware delivery—could disrupt business operations and lead to reputational damage. Given copyparty's use case as a portable file server, environments with less stringent endpoint security or where users frequently access multimedia files from untrusted sources are at higher risk. The lack of authentication requirement for exploitation increases the threat surface, especially in public or semi-public deployments. However, the requirement for user interaction somewhat limits automated mass exploitation.

Mitigation Recommendations

European organizations should immediately upgrade copyparty installations to version 1.18.5 or later to remediate this vulnerability. Until patching is complete, organizations should implement strict file upload and content validation policies to prevent malicious multimedia files from being uploaded or shared. Deploying web application firewalls (WAFs) with custom rules to detect and block suspicious multimedia tags or script injections can provide temporary protection. Educating users about the risks of interacting with untrusted multimedia files served by copyparty is critical. Additionally, organizations should monitor server logs for unusual file uploads or access patterns indicative of exploitation attempts. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting the execution of unauthorized scripts in browsers. Finally, restricting copyparty access to trusted networks or VPNs can reduce exposure to unauthenticated attackers.
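The Technical Analysis and the Mitigation Recommendations above both come down to one rendering rule: metadata pulled from uploaded media (ID3-style title and artist fields, the display text of an m3u `#EXTINF` line) is untrusted input and must be HTML-escaped before it is placed into the file server's web page. The example below is added here and is not copyparty's code; it uses a constructed playlist with markup characters in the title (`SAMPLE_M3U`), a minimal `parseM3u` helper, and a vulnerable and a hardened row renderer side by side, so the difference can be checked directly.

```javascript
// Added example, not copyparty's own code. Demonstrates why tag values read
// from media files must be escaped before a file server renders them as HTML.

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: tag values concatenated straight into the markup, so any
// markup inside the tag becomes part of the page.
function renderRowUnsafe(track) {
  return `<tr><td>${track.title}</td><td>${track.artist}</td></tr>`;
}

// Hardened pattern: every untrusted value passes through escapeHtml, so markup
// inside the tag is shown literally as text.
function renderRowSafe(track) {
  return `<tr><td>${escapeHtml(track.title)}</td><td>${escapeHtml(track.artist)}</td></tr>`;
}

// Constructed sample playlist (made up for this demo): the #EXTINF display text
// carries HTML characters, exactly the kind of content that must not be trusted.
const SAMPLE_M3U = [
  "#EXTM3U",
  '#EXTINF:213,Some Band - <b>Loud</b> & "Quiet"',
  "tracks/01.mp3",
].join("\n");

// Minimal m3u parser: pairs each #EXTINF line with the path on the next line.
// "#EXTINF:<seconds>,<artist> - <title>" is the common layout; if there is no
// " - " separator the whole display text is treated as the title.
function parseM3u(text) {
  const tracks = [];
  let pending = null;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line.startsWith("#EXTINF:")) {
      const info = line.slice("#EXTINF:".length);
      const comma = info.indexOf(",");
      const display = comma >= 0 ? info.slice(comma + 1) : info;
      const dash = display.indexOf(" - ");
      pending = dash >= 0
        ? { artist: display.slice(0, dash), title: display.slice(dash + 3) }
        : { artist: "", title: display };
    } else if (line && !line.startsWith("#")) {
      // Non-comment line is a file path; attach the pending metadata, if any.
      tracks.push({ ...(pending || { artist: "", title: line }), path: line });
      pending = null;
    }
  }
  return tracks;
}

// Helper for a quick self-check: does the rendered HTML still contain the raw
// tag value (i.e. unescaped markup)?
function leaksRawMarkup(html, track) {
  return html.includes(track.title) || html.includes(track.artist);
}

// Usage: parseM3u(SAMPLE_M3U) yields one track; renderRowUnsafe(track) keeps the
// <b> element live, renderRowSafe(track) turns it into &lt;b&gt; text.
```

`leaksRawMarkup(renderRowSafe(track), track)` only stays `false` because the artist value here has no special characters; in practice the check that matters is that the escaped output never contains `<`, `>`, `&`, `"` or `'` originating from the tag. The same escaping applies wherever the server-side Python builds HTML from tags, and it complements, rather than replaces, the CSP header recommended above: CSP limits what an injected script could do, escaping prevents the injection.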


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-21T23:18:10.281Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6887d760ad5a09ad0086e271

Added to database: 7/28/2025, 8:02:40 PM

Last enriched: 7/28/2025, 8:17:43 PM

Last updated: 7/29/2025, 12:34:53 AM

