Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 09 Sep 2025 20:00:00 +0000

Type Values Removed Values Added
Description Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.
Title copyparty: Sharing a single file does not fully restrict access to other files in source folder
Weaknesses CWE-552
CWE-862
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-09T19:54:36.056Z

Reserved: 2025-09-04T19:18:09.499Z

Link: CVE-2025-58753

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-09T20:15:49.003

Modified: 2025-09-09T20:15:49.003

Link: CVE-2025-58753

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.