CVE-2025-54589 Scanner

Copyparty is a versatile file sharing platform that allows users to host and disseminate files effectively. Commonly used in both personal and corporate environments, it supports a multitude of users for sharing media and documents. Its flexible nature finds applications in enterprises that need a simple internal sharing tool. Educational institutions use it as an accessible resource distribution method. Copyparty is renowned for its ease of use, enabling anyone to quickly share files without needing complex setups. Its open-source development ethos means it is continually evolving, incorporating community feedback for various use cases.

Cross-Site Scripting (XSS) is a common web security vulnerability that allows attackers to inject scripts into content from otherwise trusted websites. Copyparty versions <=1.18.6 are vulnerable due to inadequate sanitization of user inputs in the 'filter' parameter on the '/?ru' endpoint. This vulnerability could allow attackers to execute arbitrary scripts in a user's browser session, leading to unauthorized actions such as phishing, session hijacking, and more. Effective exploitation can entail embedding malicious JavaScript that executes upon viewing a link that appears legitimate. The vulnerability primarily affects web applications that dynamically include user input in the browser.

The XSS vulnerability in Copyparty exploits the 'filter' parameter of the '/?ru' endpoint. When a specially crafted URL containing malicious script elements is supplied, the input is unsanitized and reflected back to the user. This allows for arbitrary JavaScript to be executed in the context of the victim's browser. The vulnerable endpoint exposes the application to script-based breaches through HTML responses. Attackers manipulate the input to leverage the web application's response against it, creating a loophole for scripting attacks. The script execution is persistent in the context of the endpoint where the dynamic script is reflected.

Exploiting this XSS vulnerability can have severe effects on affected systems. Unauthorized scripts may execute in the victim's browser, leading to session hijacking, data theft, and credential compromise. Attackers might conduct phishing attacks by mimicking legitimate actions or stealing session cookies. This vulnerability presents a risk of unauthorized manipulation of web content viewed by users. Additionally, it can jeopardize confidentiality if sensitive user data is accessed through malicious scripts. It might also lead to unauthorized access or distribution of resources shared through Copyparty, affecting user trust and application integrity.

REFERENCES

• https://github.com/9001/copyparty
• https://secalerts.co/vulnerability/CVE-2025-54589
• https://github.com/9001/copyparty/security/advisories/GHSA-8mx2-rjh8-q3jq
• https://nvd.nist.gov/vuln/detail/CVE-2025-54589