Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 18 Sep 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:9001:copyparty:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 11 Sep 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared 9001
9001 copyparty
Vendors & Products 9001
9001 copyparty

Wed, 10 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 20:00:00 +0000

Type Values Removed Values Added
Description Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue.
Title copyparty: Sharing a single file does not fully restrict access to other files in source folder
Weaknesses CWE-552
CWE-862
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-10T20:17:30.500Z

Reserved: 2025-09-04T19:18:09.499Z

Link: CVE-2025-58753

cve-icon Vulnrichment

Updated: 2025-09-10T20:17:24.517Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-09T20:15:49.003

Modified: 2025-09-18T17:35:49.163

Link: CVE-2025-58753

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-11T10:42:54Z