Refine your search
1 vulnerability found for Enterprise Server by Nextcloud
CERTFR-2025-AVI-0420
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | Groupfolders | Groupfolders versions 18.0.x antérieures à 18.0.3 | ||
| Nextcloud | Groupfolders | Groupfolders versions 17.0.x antérieures à 17.0.5 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 28.0.x antérieures à 28.0.14.6 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 26.0.x antérieures à 26.0.13.15 | ||
| Nextcloud | Desktop | Desktop versions antérieures à 3.15 | ||
| Nextcloud | Server | Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 27.0.x antérieures à 27.1.11.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Server | Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 30.0.x antérieures à 30.0.9 | ||
| Nextcloud | Groupfolders | Groupfolders versions 16.0.x antérieures à 16.0.11 | ||
| Nextcloud | Server | Server versions 28.0.x antérieures à 28.0.13 | ||
| Nextcloud | Server | Server versions 30.0.x antérieures à 30.0.9 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Groupfolders versions 18.0.x ant\u00e9rieures \u00e0 18.0.3",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 17.0.x ant\u00e9rieures \u00e0 17.0.5",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.14.6",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.13.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Desktop versions ant\u00e9rieures \u00e0 3.15",
"product": {
"name": "Desktop",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.11.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 16.0.x ant\u00e9rieures \u00e0 16.0.11",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.13",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47790"
},
{
"name": "CVE-2025-47791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47791"
},
{
"name": "CVE-2025-47792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47792"
},
{
"name": "CVE-2025-47793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47793"
},
{
"name": "CVE-2025-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47794"
}
],
"initial_release_date": "2025-05-16T00:00:00",
"last_revision_date": "2025-05-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qqgg-hhfq-vhww",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-q568-2933-gcjq",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c7vq-m7f8-rx37",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-9h3w-f3h4-qqrh",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9h3w-f3h4-qqrh"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qm2f-959g-7p65",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65"
}
]
}