Is copyparty affected by CVE-2025-54589?

PyPI copyparty is affected in <1.18.7.

Is CVE-2025-54589 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.3%.

medium

CVE-2025-54589

Q: Is CVE-2025-54589 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.3%.

PyPI · copyparty

Summary

copyparty Reflected XSS via Filter Parameter

Severity: medium
EPSS: 2.3% (p81)
Also known as: GHSA-8mx2-rjh8-q3jq
Published: 2025-07-31

References

https://github.com/9001/copyparty/security/advisories/GHSA-8mx2-rjh8-q3jq
https://nvd.nist.gov/vuln/detail/CVE-2025-54589
https://github.com/9001/copyparty/commit/a8705e611d05eeb22be5d3d7d9ab5c020fe54c62

Related advisories

CVE-2025-54796 — high · PyPI/copyparty
CVE-2026-32109 — medium · PyPI/copyparty
CVE-2026-32108 — medium · PyPI/copyparty
CVE-2026-30974 — medium · PyPI/copyparty
CVE-2026-27948 — medium · PyPI/copyparty
CVE-2025-58753 — medium · PyPI/copyparty
CVE-2025-54423 — medium · PyPI/copyparty

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.