Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 09 Sep 2025 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue. | |
Title | copyparty: Sharing a single file does not fully restrict access to other files in source folder | |
Weaknesses | CWE-552 CWE-862 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-09T19:54:36.056Z
Reserved: 2025-09-04T19:18:09.499Z
Link: CVE-2025-58753

No data.

Status : Received
Published: 2025-09-09T20:15:49.003
Modified: 2025-09-09T20:15:49.003
Link: CVE-2025-58753

No data.

No data.