CVE-2025-58753: 
Python vulnerability analysis and mitigation

CVE-2025-58753 is a security vulnerability discovered in copyparty software versions prior to 1.19.8. The vulnerability was disclosed on September 7, 2025, affecting the file sharing functionality of the application. When a share is created for a single file inside a folder, the vulnerability allowed attackers to access other files within the same folder by guessing filenames (GitHub Advisory).

The vulnerability is classified as a Moderate severity issue with a CVSS v4.0 base score of 5.3. The attack vector is Network-based with Low attack complexity, requiring Low privileges and No user interaction. The vulnerability stems from a missing permission-check in the shares feature (the shr global-option). While the vulnerability allowed access to sibling files in the same directory, it did not permit access to subdirectories (GitHub Advisory).

The vulnerability impacts the confidentiality of data with Low severity, while having No impact on integrity and availability. The exposure is limited to files within the same directory as the shared file, allowing unauthorized access to sibling files through filename guessing. The vulnerability does not affect filekeys or dirkeys (GitHub Advisory).

The vulnerability has been patched in copyparty version 1.19.8. Users are advised to upgrade to this version or later to address the security issue. The fix involves implementing proper permission checks for file shares by fencing fileshares to just the shared files (GitHub Release).

The vulnerability was announced through the project's Discord server with an @everyone mention to ensure widespread awareness. The project maintainers have classified this as an important security update requiring immediate attention (GitHub Release).