Is copyparty affected by CVE-2025-58753?

PyPI copyparty is affected in <1.19.8.

Is CVE-2025-58753 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2025-58753

Q: Is CVE-2025-58753 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

PyPI · copyparty

Summary

copyparty: Sharing a single file does not fully restrict access to other files in source folder

Severity: medium
EPSS: 0.3% (p26)
Also known as: GHSA-pxvw-4w88-6x95
Published: 2025-09-09

References

https://github.com/9001/copyparty/security/advisories/GHSA-pxvw-4w88-6x95
https://nvd.nist.gov/vuln/detail/CVE-2025-58753
https://github.com/9001/copyparty/commit/e0a92ba72d46074209a9c304eb2a01ca0429e60c

Related advisories

CVE-2025-54796 — high · PyPI/copyparty
CVE-2026-32109 — medium · PyPI/copyparty
CVE-2026-32108 — medium · PyPI/copyparty
CVE-2026-30974 — medium · PyPI/copyparty
CVE-2026-27948 — medium · PyPI/copyparty
CVE-2025-54589 — medium · PyPI/copyparty
CVE-2025-54423 — medium · PyPI/copyparty

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.