CVE-2025-54796 is a high-severity vulnerability affecting versions of the copyparty file server prior to 1.18.9. Copyparty is a portable file server application developed by 9001. The vulnerability arises from the handling of the "filter" parameter on the "Recent Uploads" page, which accepts arbitrary regular expressions (RegExes) when the feature is enabled — a default configuration. An attacker can craft a malicious RegEx filter that causes uncontrolled resource consumption, specifically leading to a deadlock condition on the server. This is categorized under CWE-400 (Uncontrolled Resource Consumption), CWE-1333 (Regular Expression Denial of Service), and CWE-833 (Deadlock). The vulnerability does not impact confidentiality or integrity but severely affects availability by causing the server to become unresponsive. The CVSS v3.1 score is 7.5 (high), with an attack vector of network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). No known exploits are reported in the wild as of the publication date. The issue was addressed in copyparty version 1.18.9, which disables or properly restricts the problematic RegEx filtering to prevent deadlocks. This vulnerability is particularly relevant for deployments exposing the "Recent Uploads" page to untrusted users or the public internet, as it allows remote unauthenticated attackers to trigger denial of service conditions remotely by sending crafted requests with malicious RegEx filters.

For European organizations using copyparty versions prior to 1.18.9, this vulnerability poses a significant risk to service availability. Organizations relying on copyparty for file sharing or collaboration may experience denial of service outages if attackers exploit this flaw, potentially disrupting business operations, internal communications, or customer-facing services. The impact is primarily operational, with no direct data breach or integrity compromise reported. However, prolonged unavailability could lead to productivity losses, reputational damage, and increased incident response costs. Given the network-exploitable nature and lack of required authentication, attackers can remotely trigger the deadlock without insider access, increasing the threat surface. Organizations in sectors with high reliance on file sharing, such as media, education, and software development, may be more affected. Additionally, if copyparty is used in critical infrastructure or government environments in Europe, the availability impact could have broader implications. The absence of known exploits in the wild suggests a window of opportunity for proactive patching before widespread attacks emerge.

1. Immediate upgrade to copyparty version 1.18.9 or later, which contains the fix for this vulnerability, is the most effective mitigation. 2. If upgrading is not immediately feasible, disable or restrict access to the "Recent Uploads" page filter feature, especially blocking or sanitizing user-supplied RegEx inputs to prevent malicious patterns. 3. Implement network-level protections such as Web Application Firewalls (WAFs) or reverse proxies to detect and block suspicious or malformed RegEx filter parameters in HTTP requests. 4. Monitor server performance and logs for signs of resource exhaustion or deadlock conditions related to RegEx processing. 5. Limit exposure of the copyparty service to trusted internal networks or VPNs to reduce the attack surface. 6. Educate administrators and users about the risks of arbitrary RegEx inputs and enforce strict input validation policies. 7. Regularly audit and update third-party software components to ensure timely application of security patches.