Search criteria
553 vulnerabilities found for nextcloud_server by nextcloud
CVE-2026-45285 (GCVE-0-2026-45285)
Vulnerability from nvd – Published: 2026-06-01 16:57 – Updated: 2026-06-02 12:50
VLAI
Title
Nextcloud: Hidden Public Link creation when sharing to a Team External Member
Summary
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the system automatically creates a public link for that external member. This public link is not displayed in the share section of the folder, so the folder owner has no knowledge of its existence. It is sent via email to the external member. It grants the same permissions (read, write, delete, reshare, download) as the Team’s access. An attacker who receives or intercepts this link can access, modify, delete, reshare, and download all data in the shared folder without any further authentication. The folder owner cannot see or revoke the link through the normal sharing interface. This issue has been patched in versions 32.0.9 and 33.0.3.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/circles/pull/2454 | x_refsource_MISC |
| https://hackerone.com/reports/3625932 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:49:57.366871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:50:07.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the system automatically creates a public link for that external member. This public link is not displayed in the share section of the folder, so the folder owner has no knowledge of its existence. It is sent via email to the external member. It grants the same permissions (read, write, delete, reshare, download) as the Team\u2019s access. An attacker who receives or intercepts this link can access, modify, delete, reshare, and download all data in the shared folder without any further authentication. The folder owner cannot see or revoke the link through the normal sharing interface. This issue has been patched in versions 32.0.9 and 33.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:57:50.447Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r3xh-x86g-hw4m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r3xh-x86g-hw4m"
},
{
"name": "https://github.com/nextcloud/circles/pull/2454",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/circles/pull/2454"
},
{
"name": "https://hackerone.com/reports/3625932",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3625932"
}
],
"source": {
"advisory": "GHSA-r3xh-x86g-hw4m",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Hidden Public Link creation when sharing to a Team External Member"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45285",
"datePublished": "2026-06-01T16:57:50.447Z",
"dateReserved": "2026-05-11T20:14:43.200Z",
"dateUpdated": "2026-06-02T12:50:07.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45283 (GCVE-0-2026-45283)
Vulnerability from nvd – Published: 2026-06-01 16:53 – Updated: 2026-06-01 21:42
VLAI
Title
Nextcloud: Files Lock app allows users to lock and unlock files of other users
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or unlock files belonging to other users by targeting their absolute WebDAV paths. Additionally, lock tokens were disclosed to unauthorized callers in error responses, allowing attackers to remove token-based locks placed by other users' client applications. It is recommended that the Nextcloud Server is upgraded to 32.0.2 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 31.0.14.4 or 32.0.2 or 33.0.1
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/files_lock/pull/1007 | x_refsource_MISC |
| https://hackerone.com/reports/3301553# | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.2
Affected: >= 33.0.0, < 33.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T21:41:51.211198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:42:51.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.2"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or unlock files belonging to other users by targeting their absolute WebDAV paths. Additionally, lock tokens were disclosed to unauthorized callers in error responses, allowing attackers to remove token-based locks placed by other users\u0027 client applications. It is recommended that the Nextcloud Server is upgraded to 32.0.2 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 31.0.14.4 or 32.0.2 or 33.0.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:53:50.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4chh-6mhf-p4jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4chh-6mhf-p4jj"
},
{
"name": "https://github.com/nextcloud/files_lock/pull/1007",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/files_lock/pull/1007"
},
{
"name": "https://hackerone.com/reports/3301553#",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3301553#"
}
],
"source": {
"advisory": "GHSA-4chh-6mhf-p4jj",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Files Lock app allows users to lock and unlock files of other users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45283",
"datePublished": "2026-06-01T16:53:50.656Z",
"dateReserved": "2026-05-11T18:41:13.158Z",
"dateUpdated": "2026-06-01T21:42:51.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45282 (GCVE-0-2026-45282)
Vulnerability from nvd – Published: 2026-06-01 16:53 – Updated: 2026-06-01 19:28
VLAI
Title
Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/text/pull/8499 | x_refsource_MISC |
| https://hackerone.com/reports/3577244 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T19:28:33.016749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:28:48.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:53:18.823Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35fx-69q6-xpjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35fx-69q6-xpjr"
},
{
"name": "https://github.com/nextcloud/text/pull/8499",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/text/pull/8499"
},
{
"name": "https://hackerone.com/reports/3577244",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3577244"
}
],
"source": {
"advisory": "GHSA-35fx-69q6-xpjr",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45282",
"datePublished": "2026-06-01T16:53:18.823Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-01T19:28:48.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45281 (GCVE-0-2026-45281)
Vulnerability from nvd – Published: 2026-06-01 16:52 – Updated: 2026-06-01 19:22
VLAI
Title
Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the attacker must be an authenticated user. This is because of improper authorization controls in the backend of the calendar. If the attacker had access to the calendar, they would be able to view and modify it. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17, 27.1.11.26, 26.0.13.26, 25.0.13.29, 24.0.12.34, 23.0.12.35, 22.2.10.39, or 21.0.9.23
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/59962 | x_refsource_MISC |
| https://hackerone.com/reports/3545964 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T19:22:37.089766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:22:51.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users\u2019 principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the attacker must be an authenticated user. This is because of improper authorization controls in the backend of the calendar. If the attacker had access to the calendar, they would be able to view and modify it. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17, 27.1.11.26, 26.0.13.26, 25.0.13.29, 24.0.12.34, 23.0.12.35, 22.2.10.39, or 21.0.9.23"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:52:57.245Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hrrv-mp25-26vv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hrrv-mp25-26vv"
},
{
"name": "https://github.com/nextcloud/server/pull/59962",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/59962"
},
{
"name": "https://hackerone.com/reports/3545964",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3545964"
}
],
"source": {
"advisory": "GHSA-hrrv-mp25-26vv",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45281",
"datePublished": "2026-06-01T16:52:57.245Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-01T19:22:51.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45279 (GCVE-0-2026-45279)
Vulnerability from nvd – Published: 2026-06-01 16:52 – Updated: 2026-06-02 12:50
VLAI
Title
Nextcloud: Limited path traversal via template API if using `{lang}` in config
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that the Nextcloud Server is upgraded to 32.0.4, 31.0.14. It is recommended that the Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12, 28.0.14.15
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/57414/files | x_refsource_MISC |
| https://hackerone.com/reports/3468140 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 31.0.0, < 31.0.14
Affected: >= 32.0.0, < 32.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:50:41.800240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:50:50.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 31.0.0, \u003c 31.0.14"
},
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that the Nextcloud Server is upgraded to 32.0.4, 31.0.14. It is recommended that the Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12, 28.0.14.15"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:52:18.958Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j33j-qph5-4wch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j33j-qph5-4wch"
},
{
"name": "https://github.com/nextcloud/server/pull/57414/files",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/57414/files"
},
{
"name": "https://hackerone.com/reports/3468140",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3468140"
}
],
"source": {
"advisory": "GHSA-j33j-qph5-4wch",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Limited path traversal via template API if using `{lang}` in config"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45279",
"datePublished": "2026-06-01T16:52:18.958Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-02T12:50:50.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64011 (GCVE-0-2025-64011)
Vulnerability from nvd – Published: 2025-12-12 00:00 – Updated: 2025-12-12 19:12
VLAI
Summary
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:12:30.962776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:12:34.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T17:08:10.217Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing"
},
{
"url": "https://nextcloud.com"
},
{
"url": "https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-64011",
"datePublished": "2025-12-12T00:00:00.000Z",
"dateReserved": "2025-10-27T00:00:00.000Z",
"dateUpdated": "2025-12-12T19:12:34.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66552 (GCVE-0-2025-66552)
Vulnerability from nvd – Published: 2025-12-05 16:36 – Updated: 2025-12-05 18:25
VLAI
Title
Nextcloud Server admin_audit does not log all actions on files in groupfolders
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-778 - Insufficient Logging
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/50992 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/7cc005… | x_refsource_MISC |
| https://hackerone.com/reports/2890071 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.1
Affected: < 31.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:24:11.355947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:25:06.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.1"
},
{
"status": "affected",
"version": "\u003c 31.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:36:39.749Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x"
},
{
"name": "https://github.com/nextcloud/server/pull/50992",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/50992"
},
{
"name": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6"
},
{
"name": "https://hackerone.com/reports/2890071",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2890071"
}
],
"source": {
"advisory": "GHSA-ww9m-f8j4-jj9x",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server admin_audit does not log all actions on files in groupfolders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66552",
"datePublished": "2025-12-05T16:36:39.749Z",
"dateReserved": "2025-12-04T15:57:22.034Z",
"dateUpdated": "2025-12-05T18:25:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66547 (GCVE-0-2025-66547)
Vulnerability from nvd – Published: 2025-12-05 16:32 – Updated: 2025-12-05 18:20
VLAI
Title
Nextcloud Server users can modify tags on files that do not belong to them
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/issues/51247 | x_refsource_MISC |
| https://github.com/nextcloud/server/pull/51288 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/b44f15… | x_refsource_MISC |
| https://hackerone.com/reports/3040887 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 31.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:20:11.023676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:20:43.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 31.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:32:17.359Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2"
},
{
"name": "https://github.com/nextcloud/server/issues/51247",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/issues/51247"
},
{
"name": "https://github.com/nextcloud/server/pull/51288",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/51288"
},
{
"name": "https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9"
},
{
"name": "https://hackerone.com/reports/3040887",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3040887"
}
],
"source": {
"advisory": "GHSA-hq6c-r898-fgf2",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server users can modify tags on files that do not belong to them"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66547",
"datePublished": "2025-12-05T16:32:17.359Z",
"dateReserved": "2025-12-04T15:52:26.550Z",
"dateUpdated": "2025-12-05T18:20:43.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66512 (GCVE-0-2025-66512)
Vulnerability from nvd – Published: 2025-12-05 16:22 – Updated: 2025-12-05 20:05
VLAI
Title
Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/viewer/pull/3023 | x_refsource_MISC |
| https://github.com/nextcloud/viewer/commit/5044a2… | x_refsource_MISC |
| https://hackerone.com/reports/3357808 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.3
Affected: < 31.0.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T20:04:51.050053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T20:05:05.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.3"
},
{
"status": "affected",
"version": "\u003c 31.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:22:50.206Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5"
},
{
"name": "https://github.com/nextcloud/viewer/pull/3023",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/viewer/pull/3023"
},
{
"name": "https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63"
},
{
"name": "https://hackerone.com/reports/3357808",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3357808"
}
],
"source": {
"advisory": "GHSA-qcw2-p26m-9gc5",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66512",
"datePublished": "2025-12-05T16:22:50.206Z",
"dateReserved": "2025-12-03T15:28:02.992Z",
"dateUpdated": "2025-12-05T20:05:05.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66510 (GCVE-0-2025-66510)
Vulnerability from nvd – Published: 2025-12-05 16:18 – Updated: 2025-12-05 20:02
VLAI
Title
Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
Severity
4.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/55657 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/e48668… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.1
Affected: < 31.0.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T20:02:32.631822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T20:02:53.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.1"
},
{
"status": "affected",
"version": "\u003c 31.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:18:53.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59"
},
{
"name": "https://github.com/nextcloud/server/pull/55657",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/55657"
},
{
"name": "https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57"
}
],
"source": {
"advisory": "GHSA-495w-cqv6-wr59",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66510",
"datePublished": "2025-12-05T16:18:53.699Z",
"dateReserved": "2025-12-03T15:12:22.978Z",
"dateUpdated": "2025-12-05T20:02:53.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59788 (GCVE-0-2025-59788)
Vulnerability from nvd – Published: 2025-12-04 00:00 – Updated: 2025-12-11 15:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nextcloud | Nextcloud |
Affected:
0 , < 22.2.10.33
(custom)
Affected: 23 , < 23.0.12.29 (custom) Affected: 24 , < 24.0.12.28 (custom) Affected: 25 , < 25.0.13.23 (custom) Affected: 26 , < 26.0.13.20 (custom) Affected: 27 , < 27.1.11.20 (custom) Affected: 28 , < 28.0.14.11 (custom) Affected: 29 , < 29.0.16.8 (custom) Affected: 30 , < 30.0.17 (custom) Affected: 31 , < 31.0.10 (custom) Affected: 32 , < 32.0.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:20:13.836811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:04:25.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nextcloud",
"vendor": "Nextcloud",
"versions": [
{
"lessThan": "22.2.10.33",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.0.12.29",
"status": "affected",
"version": "23",
"versionType": "custom"
},
{
"lessThan": "24.0.12.28",
"status": "affected",
"version": "24",
"versionType": "custom"
},
{
"lessThan": "25.0.13.23",
"status": "affected",
"version": "25",
"versionType": "custom"
},
{
"lessThan": "26.0.13.20",
"status": "affected",
"version": "26",
"versionType": "custom"
},
{
"lessThan": "27.1.11.20",
"status": "affected",
"version": "27",
"versionType": "custom"
},
{
"lessThan": "28.0.14.11",
"status": "affected",
"version": "28",
"versionType": "custom"
},
{
"lessThan": "29.0.16.8",
"status": "affected",
"version": "29",
"versionType": "custom"
},
{
"lessThan": "30.0.17",
"status": "affected",
"version": "30",
"versionType": "custom"
},
{
"lessThan": "31.0.10",
"status": "affected",
"version": "31",
"versionType": "custom"
},
{
"lessThan": "32.0.1",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.2.10.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.0.12.29",
"versionStartIncluding": "23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.0.12.28",
"versionStartIncluding": "24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.0.13.23",
"versionStartIncluding": "25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.13.20",
"versionStartIncluding": "26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.1.11.20",
"versionStartIncluding": "27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.14.11",
"versionStartIncluding": "28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.16.8",
"versionStartIncluding": "29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "30.0.17",
"versionStartIncluding": "30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "32.0.1",
"versionStartIncluding": "32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user\u0027s browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T19:02:03.447Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nextcloud.com"
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59788",
"datePublished": "2025-12-04T00:00:00.000Z",
"dateReserved": "2025-09-19T00:00:00.000Z",
"dateUpdated": "2025-12-11T15:04:25.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45285 (GCVE-0-2026-45285)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:57 – Updated: 2026-06-02 12:50
VLAI
Title
Nextcloud: Hidden Public Link creation when sharing to a Team External Member
Summary
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the system automatically creates a public link for that external member. This public link is not displayed in the share section of the folder, so the folder owner has no knowledge of its existence. It is sent via email to the external member. It grants the same permissions (read, write, delete, reshare, download) as the Team’s access. An attacker who receives or intercepts this link can access, modify, delete, reshare, and download all data in the shared folder without any further authentication. The folder owner cannot see or revoke the link through the normal sharing interface. This issue has been patched in versions 32.0.9 and 33.0.3.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/circles/pull/2454 | x_refsource_MISC |
| https://hackerone.com/reports/3625932 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:49:57.366871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:50:07.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email address who does not have a Nextcloud account), the system automatically creates a public link for that external member. This public link is not displayed in the share section of the folder, so the folder owner has no knowledge of its existence. It is sent via email to the external member. It grants the same permissions (read, write, delete, reshare, download) as the Team\u2019s access. An attacker who receives or intercepts this link can access, modify, delete, reshare, and download all data in the shared folder without any further authentication. The folder owner cannot see or revoke the link through the normal sharing interface. This issue has been patched in versions 32.0.9 and 33.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:57:50.447Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r3xh-x86g-hw4m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r3xh-x86g-hw4m"
},
{
"name": "https://github.com/nextcloud/circles/pull/2454",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/circles/pull/2454"
},
{
"name": "https://hackerone.com/reports/3625932",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3625932"
}
],
"source": {
"advisory": "GHSA-r3xh-x86g-hw4m",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Hidden Public Link creation when sharing to a Team External Member"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45285",
"datePublished": "2026-06-01T16:57:50.447Z",
"dateReserved": "2026-05-11T20:14:43.200Z",
"dateUpdated": "2026-06-02T12:50:07.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45283 (GCVE-0-2026-45283)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:53 – Updated: 2026-06-01 21:42
VLAI
Title
Nextcloud: Files Lock app allows users to lock and unlock files of other users
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or unlock files belonging to other users by targeting their absolute WebDAV paths. Additionally, lock tokens were disclosed to unauthorized callers in error responses, allowing attackers to remove token-based locks placed by other users' client applications. It is recommended that the Nextcloud Server is upgraded to 32.0.2 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 31.0.14.4 or 32.0.2 or 33.0.1
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/files_lock/pull/1007 | x_refsource_MISC |
| https://hackerone.com/reports/3301553# | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.2
Affected: >= 33.0.0, < 33.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T21:41:51.211198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:42:51.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.2"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or unlock files belonging to other users by targeting their absolute WebDAV paths. Additionally, lock tokens were disclosed to unauthorized callers in error responses, allowing attackers to remove token-based locks placed by other users\u0027 client applications. It is recommended that the Nextcloud Server is upgraded to 32.0.2 or 33.0.1. It is recommended that the Nextcloud Enterprise Server is upgraded to 31.0.14.4 or 32.0.2 or 33.0.1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:53:50.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4chh-6mhf-p4jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4chh-6mhf-p4jj"
},
{
"name": "https://github.com/nextcloud/files_lock/pull/1007",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/files_lock/pull/1007"
},
{
"name": "https://hackerone.com/reports/3301553#",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3301553#"
}
],
"source": {
"advisory": "GHSA-4chh-6mhf-p4jj",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Files Lock app allows users to lock and unlock files of other users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45283",
"datePublished": "2026-06-01T16:53:50.656Z",
"dateReserved": "2026-05-11T18:41:13.158Z",
"dateUpdated": "2026-06-01T21:42:51.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45282 (GCVE-0-2026-45282)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:53 – Updated: 2026-06-01 19:28
VLAI
Title
Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/text/pull/8499 | x_refsource_MISC |
| https://hackerone.com/reports/3577244 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T19:28:33.016749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:28:48.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:53:18.823Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35fx-69q6-xpjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35fx-69q6-xpjr"
},
{
"name": "https://github.com/nextcloud/text/pull/8499",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/text/pull/8499"
},
{
"name": "https://hackerone.com/reports/3577244",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3577244"
}
],
"source": {
"advisory": "GHSA-35fx-69q6-xpjr",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45282",
"datePublished": "2026-06-01T16:53:18.823Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-01T19:28:48.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45281 (GCVE-0-2026-45281)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:52 – Updated: 2026-06-01 19:22
VLAI
Title
Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the attacker must be an authenticated user. This is because of improper authorization controls in the backend of the calendar. If the attacker had access to the calendar, they would be able to view and modify it. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17, 27.1.11.26, 26.0.13.26, 25.0.13.29, 24.0.12.34, 23.0.12.35, 22.2.10.39, or 21.0.9.23
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/59962 | x_refsource_MISC |
| https://hackerone.com/reports/3545964 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0, < 32.0.9
Affected: >= 33.0.0, < 33.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T19:22:37.089766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:22:51.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.9"
},
{
"status": "affected",
"version": "\u003e= 33.0.0, \u003c 33.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users\u2019 principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the attacker must be an authenticated user. This is because of improper authorization controls in the backend of the calendar. If the attacker had access to the calendar, they would be able to view and modify it. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17, 27.1.11.26, 26.0.13.26, 25.0.13.29, 24.0.12.34, 23.0.12.35, 22.2.10.39, or 21.0.9.23"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:52:57.245Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hrrv-mp25-26vv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hrrv-mp25-26vv"
},
{
"name": "https://github.com/nextcloud/server/pull/59962",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/59962"
},
{
"name": "https://hackerone.com/reports/3545964",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3545964"
}
],
"source": {
"advisory": "GHSA-hrrv-mp25-26vv",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45281",
"datePublished": "2026-06-01T16:52:57.245Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-01T19:22:51.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45279 (GCVE-0-2026-45279)
Vulnerability from cvelistv5 – Published: 2026-06-01 16:52 – Updated: 2026-06-02 12:50
VLAI
Title
Nextcloud: Limited path traversal via template API if using `{lang}` in config
Summary
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that the Nextcloud Server is upgraded to 32.0.4, 31.0.14. It is recommended that the Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12, 28.0.14.15
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/57414/files | x_refsource_MISC |
| https://hackerone.com/reports/3468140 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 31.0.0, < 31.0.14
Affected: >= 32.0.0, < 32.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:50:41.800240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:50:50.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 31.0.0, \u003c 31.0.14"
},
{
"status": "affected",
"version": "\u003e= 32.0.0, \u003c 32.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbitrary files (depending on unix permissions) into their own Nextcloud directory via a path traversal. It is recommended that the Nextcloud Server is upgraded to 32.0.4, 31.0.14. It is recommended that the Nextcloud Enterprise Server is upgraded to 32.0.4, 31.0.14, 30.0.17.7, 29.0.17.12, 28.0.14.15"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:52:18.958Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j33j-qph5-4wch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j33j-qph5-4wch"
},
{
"name": "https://github.com/nextcloud/server/pull/57414/files",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/57414/files"
},
{
"name": "https://hackerone.com/reports/3468140",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3468140"
}
],
"source": {
"advisory": "GHSA-j33j-qph5-4wch",
"discovery": "UNKNOWN"
},
"title": "Nextcloud: Limited path traversal via template API if using `{lang}` in config"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45279",
"datePublished": "2026-06-01T16:52:18.958Z",
"dateReserved": "2026-05-11T18:41:13.157Z",
"dateUpdated": "2026-06-02T12:50:50.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64011 (GCVE-0-2025-64011)
Vulnerability from cvelistv5 – Published: 2025-12-12 00:00 – Updated: 2025-12-12 19:12
VLAI
Summary
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:12:30.962776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:12:34.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T17:08:10.217Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing"
},
{
"url": "https://nextcloud.com"
},
{
"url": "https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-64011",
"datePublished": "2025-12-12T00:00:00.000Z",
"dateReserved": "2025-10-27T00:00:00.000Z",
"dateUpdated": "2025-12-12T19:12:34.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66552 (GCVE-0-2025-66552)
Vulnerability from cvelistv5 – Published: 2025-12-05 16:36 – Updated: 2025-12-05 18:25
VLAI
Title
Nextcloud Server admin_audit does not log all actions on files in groupfolders
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-778 - Insufficient Logging
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/50992 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/7cc005… | x_refsource_MISC |
| https://hackerone.com/reports/2890071 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.1
Affected: < 31.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:24:11.355947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:25:06.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.1"
},
{
"status": "affected",
"version": "\u003c 31.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:36:39.749Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x"
},
{
"name": "https://github.com/nextcloud/server/pull/50992",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/50992"
},
{
"name": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6"
},
{
"name": "https://hackerone.com/reports/2890071",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2890071"
}
],
"source": {
"advisory": "GHSA-ww9m-f8j4-jj9x",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server admin_audit does not log all actions on files in groupfolders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66552",
"datePublished": "2025-12-05T16:36:39.749Z",
"dateReserved": "2025-12-04T15:57:22.034Z",
"dateUpdated": "2025-12-05T18:25:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66547 (GCVE-0-2025-66547)
Vulnerability from cvelistv5 – Published: 2025-12-05 16:32 – Updated: 2025-12-05 18:20
VLAI
Title
Nextcloud Server users can modify tags on files that do not belong to them
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/issues/51247 | x_refsource_MISC |
| https://github.com/nextcloud/server/pull/51288 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/b44f15… | x_refsource_MISC |
| https://hackerone.com/reports/3040887 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 31.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:20:11.023676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:20:43.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 31.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:32:17.359Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2"
},
{
"name": "https://github.com/nextcloud/server/issues/51247",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/issues/51247"
},
{
"name": "https://github.com/nextcloud/server/pull/51288",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/51288"
},
{
"name": "https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9"
},
{
"name": "https://hackerone.com/reports/3040887",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3040887"
}
],
"source": {
"advisory": "GHSA-hq6c-r898-fgf2",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server users can modify tags on files that do not belong to them"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66547",
"datePublished": "2025-12-05T16:32:17.359Z",
"dateReserved": "2025-12-04T15:52:26.550Z",
"dateUpdated": "2025-12-05T18:20:43.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66512 (GCVE-0-2025-66512)
Vulnerability from cvelistv5 – Published: 2025-12-05 16:22 – Updated: 2025-12-05 20:05
VLAI
Title
Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/viewer/pull/3023 | x_refsource_MISC |
| https://github.com/nextcloud/viewer/commit/5044a2… | x_refsource_MISC |
| https://hackerone.com/reports/3357808 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.3
Affected: < 31.0.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T20:04:51.050053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T20:05:05.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.3"
},
{
"status": "affected",
"version": "\u003c 31.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:22:50.206Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5"
},
{
"name": "https://github.com/nextcloud/viewer/pull/3023",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/viewer/pull/3023"
},
{
"name": "https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63"
},
{
"name": "https://hackerone.com/reports/3357808",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3357808"
}
],
"source": {
"advisory": "GHSA-qcw2-p26m-9gc5",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66512",
"datePublished": "2025-12-05T16:22:50.206Z",
"dateReserved": "2025-12-03T15:28:02.992Z",
"dateUpdated": "2025-12-05T20:05:05.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66510 (GCVE-0-2025-66510)
Vulnerability from cvelistv5 – Published: 2025-12-05 16:18 – Updated: 2025-12-05 20:02
VLAI
Title
Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
Severity
4.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/server/pull/55657 | x_refsource_MISC |
| https://github.com/nextcloud/server/commit/e48668… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 32.0.0beta1, < 32.0.1
Affected: < 31.0.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T20:02:32.631822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T20:02:53.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.1"
},
{
"status": "affected",
"version": "\u003c 31.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:18:53.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59"
},
{
"name": "https://github.com/nextcloud/server/pull/55657",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/55657"
},
{
"name": "https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57"
}
],
"source": {
"advisory": "GHSA-495w-cqv6-wr59",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66510",
"datePublished": "2025-12-05T16:18:53.699Z",
"dateReserved": "2025-12-03T15:12:22.978Z",
"dateUpdated": "2025-12-05T20:02:53.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59788 (GCVE-0-2025-59788)
Vulnerability from cvelistv5 – Published: 2025-12-04 00:00 – Updated: 2025-12-11 15:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nextcloud | Nextcloud |
Affected:
0 , < 22.2.10.33
(custom)
Affected: 23 , < 23.0.12.29 (custom) Affected: 24 , < 24.0.12.28 (custom) Affected: 25 , < 25.0.13.23 (custom) Affected: 26 , < 26.0.13.20 (custom) Affected: 27 , < 27.1.11.20 (custom) Affected: 28 , < 28.0.14.11 (custom) Affected: 29 , < 29.0.16.8 (custom) Affected: 30 , < 30.0.17 (custom) Affected: 31 , < 31.0.10 (custom) Affected: 32 , < 32.0.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:20:13.836811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:04:25.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nextcloud",
"vendor": "Nextcloud",
"versions": [
{
"lessThan": "22.2.10.33",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.0.12.29",
"status": "affected",
"version": "23",
"versionType": "custom"
},
{
"lessThan": "24.0.12.28",
"status": "affected",
"version": "24",
"versionType": "custom"
},
{
"lessThan": "25.0.13.23",
"status": "affected",
"version": "25",
"versionType": "custom"
},
{
"lessThan": "26.0.13.20",
"status": "affected",
"version": "26",
"versionType": "custom"
},
{
"lessThan": "27.1.11.20",
"status": "affected",
"version": "27",
"versionType": "custom"
},
{
"lessThan": "28.0.14.11",
"status": "affected",
"version": "28",
"versionType": "custom"
},
{
"lessThan": "29.0.16.8",
"status": "affected",
"version": "29",
"versionType": "custom"
},
{
"lessThan": "30.0.17",
"status": "affected",
"version": "30",
"versionType": "custom"
},
{
"lessThan": "31.0.10",
"status": "affected",
"version": "31",
"versionType": "custom"
},
{
"lessThan": "32.0.1",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.2.10.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.0.12.29",
"versionStartIncluding": "23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.0.12.28",
"versionStartIncluding": "24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.0.13.23",
"versionStartIncluding": "25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.13.20",
"versionStartIncluding": "26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "27.1.11.20",
"versionStartIncluding": "27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "28.0.14.11",
"versionStartIncluding": "28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.16.8",
"versionStartIncluding": "29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "30.0.17",
"versionStartIncluding": "30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"versionEndExcluding": "32.0.1",
"versionStartIncluding": "32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user\u0027s browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T19:02:03.447Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://nextcloud.com"
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/"
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59788",
"datePublished": "2025-12-04T00:00:00.000Z",
"dateReserved": "2025-09-19T00:00:00.000Z",
"dateUpdated": "2025-12-11T15:04:25.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-64011
Vulnerability from fkie_nvd - Published: 2025-12-12 17:15 - Updated: 2025-12-19 15:47
Severity
Summary
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing | Exploit | |
| cve@mitre.org | https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://nextcloud.com | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | 30.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:30.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E9029EB2-D570-4989-A86B-10E9107FB0E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions."
}
],
"id": "CVE-2025-64011",
"lastModified": "2025-12-19T15:47:19.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-12T17:15:45.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://nextcloud.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66547
Vulnerability from fkie_nvd - Published: 2025-12-05 17:16 - Updated: 2025-12-09 16:31
Severity
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D8631F6B-EED4-4B47-84C3-7BC63464AC15",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "52B7D78F-BCCC-4178-BB21-AB9587D11386",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1."
}
],
"id": "CVE-2025-66547",
"lastModified": "2025-12-09T16:31:38.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-05T17:16:05.330",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/server/issues/51247"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/server/pull/51288"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://hackerone.com/reports/3040887"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66552
Vulnerability from fkie_nvd - Published: 2025-12-05 17:16 - Updated: 2025-12-10 15:14
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "47EB7CCF-F24C-49BD-8F26-1C948A450CBF",
"versionEndExcluding": "30.0.9",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E99B7ACC-0CDA-4E0A-B4FB-704625706899",
"versionEndExcluding": "30.0.9",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D8631F6B-EED4-4B47-84C3-7BC63464AC15",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "52B7D78F-BCCC-4178-BB21-AB9587D11386",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1."
}
],
"id": "CVE-2025-66552",
"lastModified": "2025-12-10T15:14:47.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-05T17:16:05.687",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/server/pull/50992"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://hackerone.com/reports/2890071"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-778"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66512
Vulnerability from fkie_nvd - Published: 2025-12-05 17:16 - Updated: 2025-12-09 16:38
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A6FF62FC-BAAC-42FE-80AA-1ECF1752D9D4",
"versionEndExcluding": "31.0.12",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EE1373FF-E182-4502-AFA0-CB4191CBC1A3",
"versionEndExcluding": "31.0.12",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B6B91E03-3683-47A0-8D5D-8F463D1957F2",
"versionEndExcluding": "32.0.3",
"versionStartIncluding": "32.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "88F735F3-E164-4261-A5D8-8F32DB2AA218",
"versionEndExcluding": "32.0.3",
"versionStartIncluding": "32.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page."
}
],
"id": "CVE-2025-66512",
"lastModified": "2025-12-09T16:38:19.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-05T17:16:04.980",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/viewer/pull/3023"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://hackerone.com/reports/3357808"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-66510
Vulnerability from fkie_nvd - Published: 2025-12-05 17:16 - Updated: 2025-12-10 16:12
Severity
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B55EF258-E98A-43A9-B73C-AE62D448421D",
"versionEndExcluding": "28.0.14.11",
"versionStartIncluding": "28.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7710228F-2984-4F9A-8360-0054E7E78687",
"versionEndExcluding": "29.0.16.8",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9D119C97-0478-4CE4-8DAF-A72F69DC8C50",
"versionEndExcluding": "30.0.17.3",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2059C891-F256-482A-99BF-D912A1657419",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "64C21E45-22B8-49B2-B630-30448D89A4E9",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A75D466C-B154-480A-9D4F-8E9454147156",
"versionEndExcluding": "32.0.1",
"versionStartIncluding": "32.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts."
}
],
"id": "CVE-2025-66510",
"lastModified": "2025-12-10T16:12:34.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-05T17:16:04.613",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/server/pull/55657"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59788
Vulnerability from fkie_nvd - Published: 2025-12-04 19:16 - Updated: 2026-03-25 21:35
Severity
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://nextcloud.com | Product | |
| cve@mitre.org | https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8A3D94EC-A877-458D-9A33-5451FE97A785",
"versionEndExcluding": "30.0.17",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2059C891-F256-482A-99BF-D912A1657419",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A75D466C-B154-480A-9D4F-8E9454147156",
"versionEndExcluding": "32.0.1",
"versionStartIncluding": "32.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4440D2E7-2FCB-4CC2-A57F-708AAB0CD22B",
"versionEndExcluding": "22.2.10.33",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51922DA7-3112-422A-9F66-9CAA54E89D8F",
"versionEndExcluding": "23.0.12.29",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6AC7C575-7348-45A1-9023-A6606541987B",
"versionEndExcluding": "24.0.12.28",
"versionStartIncluding": "24.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "000C64D7-C76D-4E69-9705-18132C615456",
"versionEndExcluding": "25.0.13.23",
"versionStartIncluding": "25.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D9491A91-2A7C-4C84-89E9-219422D91350",
"versionEndExcluding": "26.0.13.20",
"versionStartIncluding": "26.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CFD3A15F-58D7-4C3D-A49F-065F28ED6361",
"versionEndExcluding": "27.1.11.20",
"versionStartIncluding": "27.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B55EF258-E98A-43A9-B73C-AE62D448421D",
"versionEndExcluding": "28.0.14.11",
"versionStartIncluding": "28.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7710228F-2984-4F9A-8360-0054E7E78687",
"versionEndExcluding": "29.0.16.8",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AE19F75F-6A78-4770-B7C6-338570FA7184",
"versionEndExcluding": "30.0.17",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "64C21E45-22B8-49B2-B630-30448D89A4E9",
"versionEndExcluding": "31.0.10",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CFA5AD5D-1145-44D6-ABE3-64837C74975F",
"versionEndExcluding": "32.0.1",
"versionStartIncluding": "32.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user\u0027s browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."
}
],
"id": "CVE-2025-59788",
"lastModified": "2026-03-25T21:35:25.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-04T19:16:04.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://nextcloud.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-47793
Vulnerability from fkie_nvd - Published: 2025-05-16 15:15 - Updated: 2025-09-08 21:54
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | group_folders | * | |
| nextcloud | group_folders | * | |
| nextcloud | group_folders | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD1E50-2B47-4839-8CB6-AA0978B85A82",
"versionEndExcluding": "16.0.11",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB99C6-11F6-4515-AAF3-42F014902176",
"versionEndExcluding": "17.0.5",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7E3F43-20A2-49E4-BF82-FDA239B93169",
"versionEndExcluding": "18.0.3",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0D64CB01-AF54-472F-A70B-0910DB01B7EF",
"versionEndExcluding": "28.0.12",
"versionStartIncluding": "28.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "71EE8159-DEB8-452B-A7E5-4D8CED48545B",
"versionEndExcluding": "29.0.9",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5B11C227-AAC6-4053-BDC0-2E732B95A854",
"versionEndExcluding": "29.0.9",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A0880BD6-1031-428B-85D3-83BCC13FF10F",
"versionEndExcluding": "30.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5BBD7BC5-F07B-4CB8-8FC7-74BDE3BBEDC5",
"versionEndExcluding": "30.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server es un sistema de nube personal autoalojado, y la aplicaci\u00f3n Nextcloud Groupfolders proporciona carpetas configuradas por el administrador y compartidas por todos los miembros de un grupo o equipo. En Nextcloud Server anteriores a las versiones 30.0.2, 29.0.9 y 28.0.1, Nextcloud Enterprise Server anteriores a las versiones 30.0.2 y 29.0.9, y la aplicaci\u00f3n Nextcloud Groupfolders anteriores a las versiones 18.0.3, 17.0.5 y 16.0.11, la ausencia de comprobaci\u00f3n de cuota para los adjuntos permit\u00eda a los usuarios conectados subir archivos que exced\u00edan la cuota de la carpeta de grupo. Las versiones 30.0.2 y 29.0.9 de Nextcloud Server, Nextcloud Enterprise Server 30.0.2, 29.0.9 o 28.0.12, y la aplicaci\u00f3n Nextcloud Groupfolders 18.0.3, 17.0.5 y 16.0.11 solucionan el problema. No se conocen workarounds."
}
],
"id": "CVE-2025-47793",
"lastModified": "2025-09-08T21:54:14.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-16T15:15:48.070",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/groupfolders/pull/3328"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/server/pull/48623"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/2713272"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-47794
Vulnerability from fkie_nvd - Published: 2025-05-16 15:15 - Updated: 2025-09-30 19:37
Severity
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A19CDEA0-5A9C-4FC7-96EA-86C5B92FC878",
"versionEndExcluding": "26.0.13.13",
"versionStartIncluding": "26.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "007088B7-28CC-485B-AA3B-BB1557AA4C46",
"versionEndExcluding": "27.1.11.13",
"versionStartIncluding": "27.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "28B82423-C680-4F16-8115-035209CD8B49",
"versionEndExcluding": "28.0.14.4",
"versionStartIncluding": "28.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1690D3BB-8E12-4E59-BC20-C0324D5A0512",
"versionEndExcluding": "29.0.13",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F37D15F4-E32F-4E51-8AB7-89C2D78CFB4A",
"versionEndExcluding": "29.0.13",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "81570AC8-0168-4AB6-BE17-1830CC019A6B",
"versionEndExcluding": "30.0.7",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "310DE665-C910-4899-84F6-566E52EC4515",
"versionEndExcluding": "30.0.7",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D8631F6B-EED4-4B47-84C3-7BC63464AC15",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "52B7D78F-BCCC-4178-BB21-AB9587D11386",
"versionEndExcluding": "31.0.1",
"versionStartIncluding": "31.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server es un sistema de nube personal autoalojado. En Nextcloud Server anteriores a las versiones 29.0.13, 30.0.7 y 31.0.1, y en Nextcloud Enterprise Server anteriores a las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1, un atacante en un sistema multiusuario podr\u00eda leer archivos temporales de Nextcloud con una cuenta de usuario diferente o ejecutar un ataque de enlace simb\u00f3lico. Las versiones 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server y las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server solucionan el problema. No se conocen workarounds disponibles."
}
],
"id": "CVE-2025-47794",
"lastModified": "2025-09-30T19:37:40.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-16T15:15:48.213",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nextcloud/server/pull/51194"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1960647"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}