CVE-2025-54796: CWE-400: Uncontrolled Resource Consumption in 9001 copyparty
Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.
AI Analysis
Technical Summary
CVE-2025-54796 is a high-severity vulnerability affecting versions of the copyparty file server prior to 1.18.9. Copyparty is a portable file server application developed by 9001. The vulnerability arises from the handling of the "filter" parameter on the "Recent Uploads" page, which accepts arbitrary regular expressions (RegExes) when the feature is enabled, and it is enabled by default. An attacker can craft a malicious RegEx filter that causes uncontrolled resource consumption, specifically leading to a deadlock condition on the server. This is categorized under CWE-400 (Uncontrolled Resource Consumption), CWE-1333 (Regular Expression Denial of Service), and CWE-833 (Deadlock). The vulnerability does not impact confidentiality or integrity but severely affects availability by causing the server to become unresponsive. The CVSS v3.1 score is 7.5 (high), with an attack vector of network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). No known exploits are reported in the wild as of the publication date. The issue was addressed in copyparty version 1.18.9, which disables or properly restricts the problematic RegEx filtering to prevent deadlocks. This vulnerability is particularly relevant for deployments exposing the "Recent Uploads" page to untrusted users or the public internet, as it allows remote unauthenticated attackers to trigger denial of service conditions by sending crafted requests with malicious RegEx filters.
Potential Impact
For European organizations using copyparty versions prior to 1.18.9, this vulnerability poses a significant risk to service availability. Organizations relying on copyparty for file sharing or collaboration may experience denial of service outages if attackers exploit this flaw, potentially disrupting business operations, internal communications, or customer-facing services. The impact is primarily operational, with no direct data breach or integrity compromise reported. However, prolonged unavailability could lead to productivity losses, reputational damage, and increased incident response costs. Given the network-exploitable nature and lack of required authentication, attackers can remotely trigger the deadlock without insider access, increasing the threat surface. Organizations in sectors with high reliance on file sharing, such as media, education, and software development, may be more affected. Additionally, if copyparty is used in critical infrastructure or government environments in Europe, the availability impact could have broader implications. The absence of known exploits in the wild suggests a window of opportunity for proactive patching before widespread attacks emerge.
Mitigation Recommendations
1. Immediate upgrade to copyparty version 1.18.9 or later, which contains the fix for this vulnerability, is the most effective mitigation.
2. If upgrading is not immediately feasible, disable or restrict access to the "Recent Uploads" page filter feature, especially blocking or sanitizing user-supplied RegEx inputs to prevent malicious patterns.
3. Implement network-level protections such as Web Application Firewalls (WAFs) or reverse proxies to detect and block suspicious or malformed RegEx filter parameters in HTTP requests.
4. Monitor server performance and logs for signs of resource exhaustion or deadlock conditions related to RegEx processing.
5. Limit exposure of the copyparty service to trusted internal networks or VPNs to reduce the attack surface.
6. Educate administrators and users about the risks of arbitrary RegEx inputs and enforce strict input validation policies.
7. Regularly audit and update third-party software components to ensure timely application of security patches.
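The flaw class behind this CVE is simple to recognise in code: user input is handed straight to a backtracking regex engine. The following is an added illustration written for this page, not copyparty's own code and not the upstream fix; the function names, the length cap and the sample upload list are all assumptions. It shows the unsafe shape beside a hardened filter that never compiles user input as a pattern: the filter is split into whitespace-separated terms and matched by plain case-insensitive substring search, so metacharacters are inert and matching cost is linear in the name length. Regex mode survives only behind an explicit operator switch, which is the "disable or restrict" option from mitigation 2.

```python
import re
from typing import List, Pattern

# Assumed limits (hypothetical; copyparty's real limits are not stated on this page).
MAX_FILTER_LEN = 64
MAX_TERMS = 8

# Constructed sample of "recent upload" names for demonstration.
SAMPLE_UPLOADS = [
    "report (a+)+$.txt",
    "aaaaaaaaaaaaaaaa.bin",
    "Holiday photos.jpg",
    "notes.txt",
]


def compile_unsafe_filter(user_filter: str) -> Pattern:
    """The shape of the vulnerable pattern: untrusted text becomes a regex.

    A backtracking engine will happily spend unbounded CPU on a pattern the
    caller did not author; this is CWE-1333. Kept here only for contrast.
    """
    return re.compile(user_filter)


def validate_filter(user_filter: str) -> List[str]:
    """Length-cap the input and split it into literal search terms.

    Raises ValueError on oversize input so a caller can reject the request
    with 400 instead of doing any work on it.
    """
    if len(user_filter) > MAX_FILTER_LEN:
        raise ValueError("filter too long")
    terms = [t.lower() for t in user_filter.split() if t]
    if len(terms) > MAX_TERMS:
        raise ValueError("too many filter terms")
    return terms


def match_literal(name: str, terms: List[str]) -> bool:
    """True when every term occurs in the name as a plain substring.

    No regex engine is involved, so '(a+)+$' is just seven ordinary
    characters and the cost is O(len(name) * len(terms)).
    """
    lowered = name.lower()
    return all(term in lowered for term in terms)


def filter_uploads(names: List[str], user_filter: str,
                   allow_regex: bool = False) -> List[str]:
    """Filter upload names by a user-supplied string.

    allow_regex defaults to False; an operator must opt in to regex mode,
    which is the restriction the fix description calls for.
    """
    if allow_regex:
        rx = compile_unsafe_filter(user_filter)
        return [n for n in names if rx.search(n)]
    terms = validate_filter(user_filter)
    return [n for n in names if match_literal(n, terms)]


if __name__ == "__main__":
    # Metacharacters are treated literally: only the name containing the
    # literal text '(a+)+$' is returned, and no regex is ever compiled.
    print(filter_uploads(SAMPLE_UPLOADS, "(a+)+$"))
    print(filter_uploads(SAMPLE_UPLOADS, "PHOTOS jpg"))
```

The literal-term design deliberately gives up regex expressiveness on a page that untrusted users can reach; if a deployment genuinely needs pattern search there, the safer route is a non-backtracking (RE2-style) engine or a per-request time budget enforced outside the worker, rather than sanitising arbitrary regex syntax.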
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-29T16:50:28.395Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 688d5220ad5a09ad00cfe403
Added to database: 8/1/2025, 11:47:44 PM
Last enriched: 8/2/2025, 12:02:46 AM
Last updated: 8/2/2025, 7:40:12 AM
Views: 5
Related Threats
- CVE-2025-8467: SQL Injection in code-projects Wazifa System (Medium)
- CVE-2025-8488: CWE-862 Missing Authorization in brainstormforce Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) (Medium)
- CVE-2025-6722: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in bitslip6 BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security (Medium)
- CVE-2025-8317: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bnielsen Custom Word Cloud (Medium)
- CVE-2025-8212: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nicheaddons Medical Addon for Elementor (Medium)