CVE-2025-54796 is a high-severity vulnerability affecting versions of the copyparty file server prior to 1.18.9. Copyparty is a portable file server application developed by 9001 that allows users to share files over a network. The vulnerability arises from the "filter" parameter used on the "Recent Uploads" page, which accepts arbitrary regular expressions (RegExes) when filtering uploaded files. By default, this feature is enabled. An attacker can craft a malicious RegEx filter designed to cause uncontrolled resource consumption, specifically leading to a server deadlock. This is a classic example of CWE-400 (Uncontrolled Resource Consumption), where the server's CPU or memory resources are exhausted by processing complex or malicious input. The vulnerability also relates to CWE-1333 and CWE-833, which involve improper handling of regular expressions and potential denial of service conditions. Exploiting this vulnerability requires no authentication or user interaction, and the attack can be launched remotely over the network (CVSS vector AV:N/AC:L/PR:N/UI:N). The impact is limited to availability, as the server becomes unresponsive or deadlocked, denying legitimate users access to the file server. The vulnerability was publicly disclosed on August 1, 2025, and fixed in version 1.18.9 of copyparty. No known exploits are currently reported in the wild, but the ease of exploitation and the default enabled state of the vulnerable feature make this a significant risk for affected deployments.

For European organizations using copyparty versions prior to 1.18.9, this vulnerability poses a significant risk to service availability. Organizations relying on copyparty for file sharing and collaboration could experience denial of service conditions if an attacker exploits this flaw by submitting crafted RegEx filters. This could disrupt business operations, especially in sectors where timely file access is critical, such as legal, healthcare, education, and media. Since the attack requires no authentication, any external or internal user with access to the "Recent Uploads" page could trigger the deadlock, potentially enabling denial of service from both insider threats and external attackers. The lack of confidentiality or integrity impact reduces the risk of data breaches, but the availability impact alone can cause operational downtime and reputational damage. Additionally, organizations with compliance obligations under regulations like GDPR must consider the operational risks and potential service interruptions caused by such vulnerabilities. The absence of known exploits in the wild suggests that proactive patching can effectively mitigate the threat before widespread exploitation occurs.

European organizations should immediately assess their use of copyparty and identify any instances running versions prior to 1.18.9. The primary mitigation is to upgrade copyparty to version 1.18.9 or later, where this vulnerability is fixed. If immediate upgrading is not feasible, organizations should consider disabling the "filter" feature on the "Recent Uploads" page to prevent the processing of arbitrary RegEx filters. Additionally, implementing network-level protections such as web application firewalls (WAFs) with custom rules to detect and block suspicious RegEx patterns can help reduce exposure. Monitoring server performance and logs for unusual spikes in CPU or memory usage related to the "Recent Uploads" page can provide early detection of exploitation attempts. Limiting access to the copyparty interface to trusted internal networks or authenticated users can also reduce the attack surface. Finally, organizations should incorporate this vulnerability into their vulnerability management and incident response processes to ensure timely detection and remediation.