CVE-2025-54423 Information

Description

copyparty is a portable file server. In versions up to and including versions 1.18.4 an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim’s browser due to improper sanitization of multimedia tags in music files including m3u files. This is fixed in version 1.18.5.

Reference

https://github.com/9001/copyparty/commit/895880aeb0be0813ddf732487596633f8f9fc3a6 https://github.com/9001/copyparty/releases/tag/v1.18.5 https://github.com/9001/copyparty/security/advisories/GHSA-9q4r-x2hj-jmvr

Related CNNVD

CNNVD-202507-3558 (Published: 2025-07-28)