Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47793 (GCVE-0-2025-47793)
Vulnerability from cvelistv5 – Published: 2025-05-16 14:31 – Updated: 2025-05-16 14:49
VLAI
EPSS
Title
Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file
Summary
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.
Severity
4.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/groupfolders/pull/3328 | x_refsource_MISC |
| https://github.com/nextcloud/server/pull/48623 | x_refsource_MISC |
| https://hackerone.com/reports/2713272 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 30.0.0, < 30.0.2
Affected: >= 29.0.0, < 29.0.9 Affected: >= 28.0.0, < 28.0.12 Affected: >= 18.0.0, < 18.0.3 Affected: >= 17.0.0, < 17.0.5 Affected: >= 16.0.0, < 16.0.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T14:49:00.953580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:49:07.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 30.0.0, \u003c 30.0.2"
},
{
"status": "affected",
"version": "\u003e= 29.0.0, \u003c 29.0.9"
},
{
"status": "affected",
"version": "\u003e= 28.0.0, \u003c 28.0.12"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.0.3"
},
{
"status": "affected",
"version": "\u003e= 17.0.0, \u003c 17.0.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0, \u003c 16.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:31:50.742Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"name": "https://github.com/nextcloud/groupfolders/pull/3328",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/groupfolders/pull/3328"
},
{
"name": "https://github.com/nextcloud/server/pull/48623",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/48623"
},
{
"name": "https://hackerone.com/reports/2713272",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2713272"
}
],
"source": {
"advisory": "GHSA-qqgg-hhfq-vhww",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47793",
"datePublished": "2025-05-16T14:31:50.742Z",
"dateReserved": "2025-05-09T19:49:35.622Z",
"dateUpdated": "2025-05-16T14:49:07.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47793",
"date": "2026-05-29",
"epss": "0.00284",
"percentile": "0.51994"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47793\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-16T15:15:48.070\",\"lastModified\":\"2025-09-08T21:54:14.767\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.\"},{\"lang\":\"es\",\"value\":\"Nextcloud Server es un sistema de nube personal autoalojado, y la aplicaci\u00f3n Nextcloud Groupfolders proporciona carpetas configuradas por el administrador y compartidas por todos los miembros de un grupo o equipo. En Nextcloud Server anteriores a las versiones 30.0.2, 29.0.9 y 28.0.1, Nextcloud Enterprise Server anteriores a las versiones 30.0.2 y 29.0.9, y la aplicaci\u00f3n Nextcloud Groupfolders anteriores a las versiones 18.0.3, 17.0.5 y 16.0.11, la ausencia de comprobaci\u00f3n de cuota para los adjuntos permit\u00eda a los usuarios conectados subir archivos que exced\u00edan la cuota de la carpeta de grupo. Las versiones 30.0.2 y 29.0.9 de Nextcloud Server, Nextcloud Enterprise Server 30.0.2, 29.0.9 o 28.0.12, y la aplicaci\u00f3n Nextcloud Groupfolders 18.0.3, 17.0.5 y 16.0.11 solucionan el problema. No se conocen workarounds.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.0.11\",\"matchCriteriaId\":\"39AD1E50-2B47-4839-8CB6-AA0978B85A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.0.5\",\"matchCriteriaId\":\"EFBB99C6-11F6-4515-AAF3-42F014902176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.0.3\",\"matchCriteriaId\":\"6A7E3F43-20A2-49E4-BF82-FDA239B93169\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"28.0.0\",\"versionEndExcluding\":\"28.0.12\",\"matchCriteriaId\":\"0D64CB01-AF54-472F-A70B-0910DB01B7EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"29.0.0\",\"versionEndExcluding\":\"29.0.9\",\"matchCriteriaId\":\"71EE8159-DEB8-452B-A7E5-4D8CED48545B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"29.0.0\",\"versionEndExcluding\":\"29.0.9\",\"matchCriteriaId\":\"5B11C227-AAC6-4053-BDC0-2E732B95A854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"30.0.0\",\"versionEndExcluding\":\"30.0.2\",\"matchCriteriaId\":\"A0880BD6-1031-428B-85D3-83BCC13FF10F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"30.0.0\",\"versionEndExcluding\":\"30.0.2\",\"matchCriteriaId\":\"5BBD7BC5-F07B-4CB8-8FC7-74BDE3BBEDC5\"}]}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/groupfolders/pull/3328\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/server/pull/48623\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://hackerone.com/reports/2713272\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47793\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T14:49:00.953580Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T14:49:03.528Z\"}}], \"cna\": {\"title\": \"Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file\", \"source\": {\"advisory\": \"GHSA-qqgg-hhfq-vhww\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"nextcloud\", \"product\": \"security-advisories\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 30.0.0, \u003c 30.0.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 29.0.0, \u003c 29.0.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 28.0.0, \u003c 28.0.12\"}, {\"status\": \"affected\", \"version\": \"\u003e= 18.0.0, \u003c 18.0.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 17.0.0, \u003c 17.0.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 16.0.0, \u003c 16.0.11\"}]}], \"references\": [{\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww\", \"name\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nextcloud/groupfolders/pull/3328\", \"name\": \"https://github.com/nextcloud/groupfolders/pull/3328\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nextcloud/server/pull/48623\", \"name\": \"https://github.com/nextcloud/server/pull/48623\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/2713272\", \"name\": \"https://hackerone.com/reports/2713272\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-16T14:31:50.742Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47793\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T14:49:07.567Z\", \"dateReserved\": \"2025-05-09T19:49:35.622Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-16T14:31:50.742Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | Groupfolders | Groupfolders versions 18.0.x antérieures à 18.0.3 | ||
| Nextcloud | Groupfolders | Groupfolders versions 17.0.x antérieures à 17.0.5 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 28.0.x antérieures à 28.0.14.6 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 26.0.x antérieures à 26.0.13.15 | ||
| Nextcloud | Desktop | Desktop versions antérieures à 3.15 | ||
| Nextcloud | Server | Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 27.0.x antérieures à 27.1.11.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Server | Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 30.0.x antérieures à 30.0.9 | ||
| Nextcloud | Groupfolders | Groupfolders versions 16.0.x antérieures à 16.0.11 | ||
| Nextcloud | Server | Server versions 28.0.x antérieures à 28.0.13 | ||
| Nextcloud | Server | Server versions 30.0.x antérieures à 30.0.9 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Groupfolders versions 18.0.x ant\u00e9rieures \u00e0 18.0.3",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 17.0.x ant\u00e9rieures \u00e0 17.0.5",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.14.6",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.13.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Desktop versions ant\u00e9rieures \u00e0 3.15",
"product": {
"name": "Desktop",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.11.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 16.0.x ant\u00e9rieures \u00e0 16.0.11",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.13",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47790"
},
{
"name": "CVE-2025-47791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47791"
},
{
"name": "CVE-2025-47792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47792"
},
{
"name": "CVE-2025-47793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47793"
},
{
"name": "CVE-2025-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47794"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qqgg-hhfq-vhww",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-q568-2933-gcjq",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c7vq-m7f8-rx37",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-9h3w-f3h4-qqrh",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9h3w-f3h4-qqrh"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qm2f-959g-7p65",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65"
}
]
}
CERTFR-2025-AVI-0420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Nextcloud | Groupfolders | Groupfolders versions 18.0.x antérieures à 18.0.3 | ||
| Nextcloud | Groupfolders | Groupfolders versions 17.0.x antérieures à 17.0.5 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 28.0.x antérieures à 28.0.14.6 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 26.0.x antérieures à 26.0.13.15 | ||
| Nextcloud | Desktop | Desktop versions antérieures à 3.15 | ||
| Nextcloud | Server | Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 27.0.x antérieures à 27.1.11.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 31.0.x antérieures à 31.0.3 | ||
| Nextcloud | Server | Server versions 29.0.x antérieures à 29.0.15 | ||
| Nextcloud | Enterprise Server | Enterprise Server versions 30.0.x antérieures à 30.0.9 | ||
| Nextcloud | Groupfolders | Groupfolders versions 16.0.x antérieures à 16.0.11 | ||
| Nextcloud | Server | Server versions 28.0.x antérieures à 28.0.13 | ||
| Nextcloud | Server | Server versions 30.0.x antérieures à 30.0.9 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Groupfolders versions 18.0.x ant\u00e9rieures \u00e0 18.0.3",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 17.0.x ant\u00e9rieures \u00e0 17.0.5",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.14.6",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 26.0.x ant\u00e9rieures \u00e0 26.0.13.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Desktop versions ant\u00e9rieures \u00e0 3.15",
"product": {
"name": "Desktop",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 27.0.x ant\u00e9rieures \u00e0 27.1.11.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 31.0.x ant\u00e9rieures \u00e0 31.0.3",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 29.0.x ant\u00e9rieures \u00e0 29.0.15",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Enterprise Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Enterprise Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Groupfolders versions 16.0.x ant\u00e9rieures \u00e0 16.0.11",
"product": {
"name": "Groupfolders",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 28.0.x ant\u00e9rieures \u00e0 28.0.13",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
},
{
"description": "Server versions 30.0.x ant\u00e9rieures \u00e0 30.0.9",
"product": {
"name": "Server",
"vendor": {
"name": "Nextcloud",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47790"
},
{
"name": "CVE-2025-47791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47791"
},
{
"name": "CVE-2025-47792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47792"
},
{
"name": "CVE-2025-47793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47793"
},
{
"name": "CVE-2025-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47794"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Nextcloud. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Nextcloud",
"vendor_advisories": [
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qqgg-hhfq-vhww",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-q568-2933-gcjq",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-c7vq-m7f8-rx37",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-9h3w-f3h4-qqrh",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9h3w-f3h4-qqrh"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Nextcloud GHSA-qm2f-959g-7p65",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65"
}
]
}
Title
Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud Server и Nextcloud Enterprise Server, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю оказать влияние на целостность защищаемой информации
Description
Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud Server и Nextcloud Enterprise Server связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, оказать влияние на целостность защищаемой информации
Severity
Vendor
ООО «Ред Софт», Nextcloud GmbH
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Nextcloud Server, Nextcloud Enterprise Server, Nextcloud Groupfolders
Software Version
7.3 (РЕД ОС), от 29.0.0 до 29.0.9 (Nextcloud Server), от 30.0.0 до 30.0.2 (Nextcloud Server), от 30.0.0 до 30.0.2 (Nextcloud Enterprise Server), от 28.0.0 до 28.0.12 (Nextcloud Enterprise Server), от 29.0.0 до 29.0.9 (Nextcloud Enterprise Server), до 18.0.3 (Nextcloud Groupfolders), до 16.0.11 (Nextcloud Groupfolders), до 17.0.5 (Nextcloud Groupfolders)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Nextcloud Server и Nextcloud Enterprise Server:
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://github.com/nextcloud/groupfolders/pull/3328
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww
https://github.com/nextcloud/server/pull/48623
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-770
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Nextcloud GmbH",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 29.0.0 \u0434\u043e 29.0.9 (Nextcloud Server), \u043e\u0442 30.0.0 \u0434\u043e 30.0.2 (Nextcloud Server), \u043e\u0442 30.0.0 \u0434\u043e 30.0.2 (Nextcloud Enterprise Server), \u043e\u0442 28.0.0 \u0434\u043e 28.0.12 (Nextcloud Enterprise Server), \u043e\u0442 29.0.0 \u0434\u043e 29.0.9 (Nextcloud Enterprise Server), \u0434\u043e 18.0.3 (Nextcloud Groupfolders), \u0434\u043e 16.0.11 (Nextcloud Groupfolders), \u0434\u043e 17.0.5 (Nextcloud Groupfolders)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Nextcloud Server \u0438 Nextcloud Enterprise Server:\nhttps://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-07167",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-47793",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Nextcloud Server, Nextcloud Enterprise Server, Nextcloud Groupfolders",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 Nextcloud Server \u0438 Nextcloud Enterprise Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438\u043b\u0438 \u0434\u0440\u043e\u0441\u0441\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (CWE-770)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 Nextcloud Server \u0438 Nextcloud Enterprise Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/nextcloud/groupfolders/pull/3328\t\nhttps://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww\t\nhttps://github.com/nextcloud/server/pull/48623\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-770",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
FKIE_CVE-2025-47793
Vulnerability from fkie_nvd - Published: 2025-05-16 15:15 - Updated: 2025-09-08 21:54
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | group_folders | * | |
| nextcloud | group_folders | * | |
| nextcloud | group_folders | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD1E50-2B47-4839-8CB6-AA0978B85A82",
"versionEndExcluding": "16.0.11",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB99C6-11F6-4515-AAF3-42F014902176",
"versionEndExcluding": "17.0.5",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:group_folders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7E3F43-20A2-49E4-BF82-FDA239B93169",
"versionEndExcluding": "18.0.3",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0D64CB01-AF54-472F-A70B-0910DB01B7EF",
"versionEndExcluding": "28.0.12",
"versionStartIncluding": "28.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "71EE8159-DEB8-452B-A7E5-4D8CED48545B",
"versionEndExcluding": "29.0.9",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5B11C227-AAC6-4053-BDC0-2E732B95A854",
"versionEndExcluding": "29.0.9",
"versionStartIncluding": "29.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A0880BD6-1031-428B-85D3-83BCC13FF10F",
"versionEndExcluding": "30.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5BBD7BC5-F07B-4CB8-8FC7-74BDE3BBEDC5",
"versionEndExcluding": "30.0.2",
"versionStartIncluding": "30.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Nextcloud Server es un sistema de nube personal autoalojado, y la aplicaci\u00f3n Nextcloud Groupfolders proporciona carpetas configuradas por el administrador y compartidas por todos los miembros de un grupo o equipo. En Nextcloud Server anteriores a las versiones 30.0.2, 29.0.9 y 28.0.1, Nextcloud Enterprise Server anteriores a las versiones 30.0.2 y 29.0.9, y la aplicaci\u00f3n Nextcloud Groupfolders anteriores a las versiones 18.0.3, 17.0.5 y 16.0.11, la ausencia de comprobaci\u00f3n de cuota para los adjuntos permit\u00eda a los usuarios conectados subir archivos que exced\u00edan la cuota de la carpeta de grupo. Las versiones 30.0.2 y 29.0.9 de Nextcloud Server, Nextcloud Enterprise Server 30.0.2, 29.0.9 o 28.0.12, y la aplicaci\u00f3n Nextcloud Groupfolders 18.0.3, 17.0.5 y 16.0.11 solucionan el problema. No se conocen workarounds."
}
],
"id": "CVE-2025-47793",
"lastModified": "2025-09-08T21:54:14.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-16T15:15:48.070",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/groupfolders/pull/3328"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/server/pull/48623"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/2713272"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
WID-SEC-W-2025-1082
Vulnerability from csaf_certbund - Published: 2025-05-15 22:00 - Updated: 2025-05-18 22:00Summary
Nextcloud: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Nextcloud ist eine "on-premise" Plattform für Dateifreigabe und Zusammenarbeit.
Angriff: Ein entfernter authentisierter Angreifer oder ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Nextcloud ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Nextcloud Nextcloud Enterprise <30.0.3
Nextcloud / Nextcloud
|
Enterprise <30.0.3 | ||
|
Nextcloud Nextcloud Enterprise <30.0.2
Nextcloud / Nextcloud
|
Enterprise <30.0.2 | ||
|
Nextcloud Nextcloud Enterprise <29.0.9
Nextcloud / Nextcloud
|
Enterprise <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <28.0.12
Nextcloud / Nextcloud
|
Enterprise <28.0.12 | ||
|
Nextcloud Nextcloud Server <29.0.13
Nextcloud / Nextcloud
|
Server <29.0.13 | ||
|
Nextcloud Nextcloud Enterprise <26.0.13.15
Nextcloud / Nextcloud
|
Enterprise <26.0.13.15 | ||
|
Nextcloud Nextcloud Server <30.0.3
Nextcloud / Nextcloud
|
Server <30.0.3 | ||
|
Nextcloud Nextcloud Enterprise <28.0.13
Nextcloud / Nextcloud
|
Enterprise <28.0.13 | ||
|
Nextcloud Nextcloud Enterprise <29.0.10
Nextcloud / Nextcloud
|
Enterprise <29.0.10 | ||
|
Nextcloud Nextcloud Server <30.0.7
Nextcloud / Nextcloud
|
Server <30.0.7 | ||
|
Nextcloud Nextcloud Enterprise <27.1.11.15
Nextcloud / Nextcloud
|
Enterprise <27.1.11.15 | ||
|
Nextcloud Nextcloud Server <31.0.1
Nextcloud / Nextcloud
|
Server <31.0.1 | ||
|
Nextcloud Nextcloud Enterprise <27.1.11.13
Nextcloud / Nextcloud
|
Enterprise <27.1.11.13 | ||
|
Nextcloud Nextcloud Enterprise <30.0.9
Nextcloud / Nextcloud
|
Enterprise <30.0.9 | ||
|
Nextcloud Nextcloud Enterprise <31.0.3
Nextcloud / Nextcloud
|
Enterprise <31.0.3 | ||
|
Nextcloud Nextcloud Enterprise <28.0.14.4
Nextcloud / Nextcloud
|
Enterprise <28.0.14.4 | ||
|
Nextcloud Nextcloud Server <29.0.15
Nextcloud / Nextcloud
|
Server <29.0.15 | ||
|
Nextcloud Nextcloud Enterprise <29.0.13
Nextcloud / Nextcloud
|
Enterprise <29.0.13 | ||
|
Nextcloud Nextcloud Server <30.0.9
Nextcloud / Nextcloud
|
Server <30.0.9 | ||
|
Nextcloud Nextcloud Enterprise <30.0.7
Nextcloud / Nextcloud
|
Enterprise <30.0.7 | ||
|
Nextcloud Nextcloud Server <31.0.3
Nextcloud / Nextcloud
|
Server <31.0.3 | ||
|
Nextcloud Nextcloud Enterprise <31.0.1
Nextcloud / Nextcloud
|
Enterprise <31.0.1 | ||
|
Nextcloud Nextcloud Server <29.0.10
Nextcloud / Nextcloud
|
Server <29.0.10 | ||
|
Nextcloud Nextcloud Server <30.0.2
Nextcloud / Nextcloud
|
Server <30.0.2 | ||
|
Nextcloud Nextcloud Server <29.0.9
Nextcloud / Nextcloud
|
Server <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <28.0.14.6
Nextcloud / Nextcloud
|
Enterprise <28.0.14.6 | ||
|
Nextcloud Nextcloud Enterprise <26.0.13.13
Nextcloud / Nextcloud
|
Enterprise <26.0.13.13 | ||
|
Nextcloud Nextcloud Enterprise <29.0.15
Nextcloud / Nextcloud
|
Enterprise <29.0.15 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Nextcloud Nextcloud Enterprise <30.0.3
Nextcloud / Nextcloud
|
Enterprise <30.0.3 | ||
|
Nextcloud Nextcloud Server <28.0.13
Nextcloud / Nextcloud
|
Server <28.0.13 | ||
|
Nextcloud Nextcloud Server <29.0.10
Nextcloud / Nextcloud
|
Server <29.0.10 | ||
|
Nextcloud Nextcloud Server <30.0.2
Nextcloud / Nextcloud
|
Server <30.0.2 | ||
|
Nextcloud Nextcloud Server <30.0.3
Nextcloud / Nextcloud
|
Server <30.0.3 | ||
|
Nextcloud Nextcloud Server <29.0.9
Nextcloud / Nextcloud
|
Server <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <28.0.13
Nextcloud / Nextcloud
|
Enterprise <28.0.13 | ||
|
Nextcloud Nextcloud Enterprise <29.0.10
Nextcloud / Nextcloud
|
Enterprise <29.0.10 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Nextcloud Nextcloud Desktop <3.15
Nextcloud / Nextcloud
|
Desktop <3.15 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Nextcloud Nextcloud Enterprise <30.0.2
Nextcloud / Nextcloud
|
Enterprise <30.0.2 | ||
|
Nextcloud Nextcloud Enterprise <29.0.9
Nextcloud / Nextcloud
|
Enterprise <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <28.0.12
Nextcloud / Nextcloud
|
Enterprise <28.0.12 | ||
|
Nextcloud Nextcloud Groupfolders <18.0.3
Nextcloud / Nextcloud
|
Groupfolders <18.0.3 | ||
|
Nextcloud Nextcloud Groupfolders <17.0.5
Nextcloud / Nextcloud
|
Groupfolders <17.0.5 | ||
|
Nextcloud Nextcloud Groupfolders <16.0.11
Nextcloud / Nextcloud
|
Groupfolders <16.0.11 | ||
|
Nextcloud Nextcloud Server <30.0.2
Nextcloud / Nextcloud
|
Server <30.0.2 | ||
|
Nextcloud Nextcloud Server <29.0.9
Nextcloud / Nextcloud
|
Server <29.0.9 |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Nextcloud Nextcloud Server <30.0.7
Nextcloud / Nextcloud
|
Server <30.0.7 | ||
|
Nextcloud Nextcloud Server <31.0.1
Nextcloud / Nextcloud
|
Server <31.0.1 | ||
|
Nextcloud Nextcloud Enterprise <30.0.3
Nextcloud / Nextcloud
|
Enterprise <30.0.3 | ||
|
Nextcloud Nextcloud Enterprise <27.1.11.13
Nextcloud / Nextcloud
|
Enterprise <27.1.11.13 | ||
|
Nextcloud Nextcloud Enterprise <30.0.2
Nextcloud / Nextcloud
|
Enterprise <30.0.2 | ||
|
Nextcloud Nextcloud Enterprise <28.0.14.4
Nextcloud / Nextcloud
|
Enterprise <28.0.14.4 | ||
|
Nextcloud Nextcloud Enterprise <29.0.9
Nextcloud / Nextcloud
|
Enterprise <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <29.0.13
Nextcloud / Nextcloud
|
Enterprise <29.0.13 | ||
|
Nextcloud Nextcloud Enterprise <28.0.12
Nextcloud / Nextcloud
|
Enterprise <28.0.12 | ||
|
Nextcloud Nextcloud Enterprise <30.0.7
Nextcloud / Nextcloud
|
Enterprise <30.0.7 | ||
|
Nextcloud Nextcloud Enterprise <31.0.1
Nextcloud / Nextcloud
|
Enterprise <31.0.1 | ||
|
Nextcloud Nextcloud Server <29.0.10
Nextcloud / Nextcloud
|
Server <29.0.10 | ||
|
Nextcloud Nextcloud Server <29.0.13
Nextcloud / Nextcloud
|
Server <29.0.13 | ||
|
Nextcloud Nextcloud Server <30.0.3
Nextcloud / Nextcloud
|
Server <30.0.3 | ||
|
Nextcloud Nextcloud Server <30.0.2
Nextcloud / Nextcloud
|
Server <30.0.2 | ||
|
Nextcloud Nextcloud Enterprise <28.0.13
Nextcloud / Nextcloud
|
Enterprise <28.0.13 | ||
|
Nextcloud Nextcloud Server <29.0.9
Nextcloud / Nextcloud
|
Server <29.0.9 | ||
|
Nextcloud Nextcloud Enterprise <29.0.10
Nextcloud / Nextcloud
|
Enterprise <29.0.10 | ||
|
Nextcloud Nextcloud Enterprise <26.0.13.13
Nextcloud / Nextcloud
|
Enterprise <26.0.13.13 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Nextcloud ist eine \"on-premise\" Plattform f\u00fcr Dateifreigabe und Zusammenarbeit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter authentisierter Angreifer oder ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Nextcloud ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Daten zu manipulieren und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1082 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1082.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1082 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1082"
},
{
"category": "external",
"summary": "nextcloud security-advisories vom 2025-05-15",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9h3w-f3h4-qqrh"
},
{
"category": "external",
"summary": "nextcloud security-advisories vom 2025-05-15",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37"
},
{
"category": "external",
"summary": "nextcloud security-advisories vom 2025-05-15",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65"
},
{
"category": "external",
"summary": "nextcloud security-advisories vom 2025-05-15",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qqgg-hhfq-vhww"
},
{
"category": "external",
"summary": "nextcloud security-advisories vom 2025-05-15",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
}
],
"source_lang": "en-US",
"title": "Nextcloud: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-18T22:00:00.000+00:00",
"generator": {
"date": "2025-05-19T08:07:26.973+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-1082",
"initial_release_date": "2025-05-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-15457, EUVD-2025-15456, EUVD-2025-15453, EUVD-2025-15452"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Enterprise \u003c26.0.13.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c26.0.13.15",
"product_id": "T043868"
}
},
{
"category": "product_version",
"name": "Enterprise 26.0.13.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise 26.0.13.15",
"product_id": "T043868-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__26.0.13.15"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c27.1.11.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c27.1.11.15",
"product_id": "T043869"
}
},
{
"category": "product_version",
"name": "Enterprise 27.1.11.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise 27.1.11.15",
"product_id": "T043869-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__27.1.11.15"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c28.0.14.6",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c28.0.14.6",
"product_id": "T043870"
}
},
{
"category": "product_version",
"name": "Enterprise 28.0.14.6",
"product": {
"name": "Nextcloud Nextcloud Enterprise 28.0.14.6",
"product_id": "T043870-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__28.0.14.6"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c29.0.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c29.0.15",
"product_id": "T043871"
}
},
{
"category": "product_version",
"name": "Enterprise 29.0.15",
"product": {
"name": "Nextcloud Nextcloud Enterprise 29.0.15",
"product_id": "T043871-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__29.0.15"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c30.0.9",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c30.0.9",
"product_id": "T043872"
}
},
{
"category": "product_version",
"name": "Enterprise 30.0.9",
"product": {
"name": "Nextcloud Nextcloud Enterprise 30.0.9",
"product_id": "T043872-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__30.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c31.0.3",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c31.0.3",
"product_id": "T043873"
}
},
{
"category": "product_version",
"name": "Enterprise 31.0.3",
"product": {
"name": "Nextcloud Nextcloud Enterprise 31.0.3",
"product_id": "T043873-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__31.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c29.0.15",
"product": {
"name": "Nextcloud Nextcloud Server \u003c29.0.15",
"product_id": "T043874"
}
},
{
"category": "product_version",
"name": "Server 29.0.15",
"product": {
"name": "Nextcloud Nextcloud Server 29.0.15",
"product_id": "T043874-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__29.0.15"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c30.0.9",
"product": {
"name": "Nextcloud Nextcloud Server \u003c30.0.9",
"product_id": "T043875"
}
},
{
"category": "product_version",
"name": "Server 30.0.9",
"product": {
"name": "Nextcloud Nextcloud Server 30.0.9",
"product_id": "T043875-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__30.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c31.0.3",
"product": {
"name": "Nextcloud Nextcloud Server \u003c31.0.3",
"product_id": "T043876"
}
},
{
"category": "product_version",
"name": "Server 31.0.3",
"product": {
"name": "Nextcloud Nextcloud Server 31.0.3",
"product_id": "T043876-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__31.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c28.0.13",
"product": {
"name": "Nextcloud Nextcloud Server \u003c28.0.13",
"product_id": "T043878"
}
},
{
"category": "product_version",
"name": "Server 28.0.13",
"product": {
"name": "Nextcloud Nextcloud Server 28.0.13",
"product_id": "T043878-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__28.0.13"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c29.0.10",
"product": {
"name": "Nextcloud Nextcloud Server \u003c29.0.10",
"product_id": "T043879"
}
},
{
"category": "product_version",
"name": "Server 29.0.10",
"product": {
"name": "Nextcloud Nextcloud Server 29.0.10",
"product_id": "T043879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__29.0.10"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c30.0.3",
"product": {
"name": "Nextcloud Nextcloud Server \u003c30.0.3",
"product_id": "T043880"
}
},
{
"category": "product_version",
"name": "Server 30.0.3",
"product": {
"name": "Nextcloud Nextcloud Server 30.0.3",
"product_id": "T043880-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__30.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c28.0.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c28.0.13",
"product_id": "T043881"
}
},
{
"category": "product_version",
"name": "Enterprise 28.0.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise 28.0.13",
"product_id": "T043881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__28.0.13"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c29.0.10",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c29.0.10",
"product_id": "T043882"
}
},
{
"category": "product_version",
"name": "Enterprise 29.0.10",
"product": {
"name": "Nextcloud Nextcloud Enterprise 29.0.10",
"product_id": "T043882-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__29.0.10"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c30.0.3",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c30.0.3",
"product_id": "T043883"
}
},
{
"category": "product_version",
"name": "Enterprise 30.0.3",
"product": {
"name": "Nextcloud Nextcloud Enterprise 30.0.3",
"product_id": "T043883-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__30.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Desktop \u003c3.15",
"product": {
"name": "Nextcloud Nextcloud Desktop \u003c3.15",
"product_id": "T043884"
}
},
{
"category": "product_version",
"name": "Desktop 3.15",
"product": {
"name": "Nextcloud Nextcloud Desktop 3.15",
"product_id": "T043884-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:desktop__3.15"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c30.0.2",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c30.0.2",
"product_id": "T043885"
}
},
{
"category": "product_version",
"name": "Enterprise 30.0.2",
"product": {
"name": "Nextcloud Nextcloud Enterprise 30.0.2",
"product_id": "T043885-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__30.0.2"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c29.0.9",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c29.0.9",
"product_id": "T043886"
}
},
{
"category": "product_version",
"name": "Enterprise 29.0.9",
"product": {
"name": "Nextcloud Nextcloud Enterprise 29.0.9",
"product_id": "T043886-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__29.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c28.0.12",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c28.0.12",
"product_id": "T043887"
}
},
{
"category": "product_version",
"name": "Enterprise 28.0.12",
"product": {
"name": "Nextcloud Nextcloud Enterprise 28.0.12",
"product_id": "T043887-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__28.0.12"
}
}
},
{
"category": "product_version_range",
"name": "Groupfolders \u003c18.0.3",
"product": {
"name": "Nextcloud Nextcloud Groupfolders \u003c18.0.3",
"product_id": "T043888"
}
},
{
"category": "product_version",
"name": "Groupfolders 18.0.3",
"product": {
"name": "Nextcloud Nextcloud Groupfolders 18.0.3",
"product_id": "T043888-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:groupfolders__18.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Groupfolders \u003c17.0.5",
"product": {
"name": "Nextcloud Nextcloud Groupfolders \u003c17.0.5",
"product_id": "T043889"
}
},
{
"category": "product_version",
"name": "Groupfolders 17.0.5",
"product": {
"name": "Nextcloud Nextcloud Groupfolders 17.0.5",
"product_id": "T043889-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:groupfolders__17.0.5"
}
}
},
{
"category": "product_version_range",
"name": "Groupfolders \u003c16.0.11",
"product": {
"name": "Nextcloud Nextcloud Groupfolders \u003c16.0.11",
"product_id": "T043890"
}
},
{
"category": "product_version",
"name": "Groupfolders 16.0.11",
"product": {
"name": "Nextcloud Nextcloud Groupfolders 16.0.11",
"product_id": "T043890-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:groupfolders__16.0.11"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c30.0.2",
"product": {
"name": "Nextcloud Nextcloud Server \u003c30.0.2",
"product_id": "T043891"
}
},
{
"category": "product_version",
"name": "Server 30.0.2",
"product": {
"name": "Nextcloud Nextcloud Server 30.0.2",
"product_id": "T043891-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__30.0.2"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c29.0.9",
"product": {
"name": "Nextcloud Nextcloud Server \u003c29.0.9",
"product_id": "T043892"
}
},
{
"category": "product_version",
"name": "Server 29.0.9",
"product": {
"name": "Nextcloud Nextcloud Server 29.0.9",
"product_id": "T043892-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__29.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c26.0.13.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c26.0.13.13",
"product_id": "T043893"
}
},
{
"category": "product_version",
"name": "Enterprise 26.0.13.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise 26.0.13.13",
"product_id": "T043893-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__26.0.13.13"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c27.1.11.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c27.1.11.13",
"product_id": "T043894"
}
},
{
"category": "product_version",
"name": "Enterprise 27.1.11.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise 27.1.11.13",
"product_id": "T043894-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__27.1.11.13"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c28.0.14.4",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c28.0.14.4",
"product_id": "T043896"
}
},
{
"category": "product_version",
"name": "Enterprise 28.0.14.4",
"product": {
"name": "Nextcloud Nextcloud Enterprise 28.0.14.4",
"product_id": "T043896-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__28.0.14.4"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c29.0.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c29.0.13",
"product_id": "T043897"
}
},
{
"category": "product_version",
"name": "Enterprise 29.0.13",
"product": {
"name": "Nextcloud Nextcloud Enterprise 29.0.13",
"product_id": "T043897-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__29.0.13"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c30.0.7",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c30.0.7",
"product_id": "T043898"
}
},
{
"category": "product_version",
"name": "Enterprise 30.0.7",
"product": {
"name": "Nextcloud Nextcloud Enterprise 30.0.7",
"product_id": "T043898-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__30.0.7"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003c31.0.1",
"product": {
"name": "Nextcloud Nextcloud Enterprise \u003c31.0.1",
"product_id": "T043899"
}
},
{
"category": "product_version",
"name": "Enterprise 31.0.1",
"product": {
"name": "Nextcloud Nextcloud Enterprise 31.0.1",
"product_id": "T043899-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:enterprise__31.0.1"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c29.0.13",
"product": {
"name": "Nextcloud Nextcloud Server \u003c29.0.13",
"product_id": "T043901"
}
},
{
"category": "product_version",
"name": "Server 29.0.13",
"product": {
"name": "Nextcloud Nextcloud Server 29.0.13",
"product_id": "T043901-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__29.0.13"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c30.0.7",
"product": {
"name": "Nextcloud Nextcloud Server \u003c30.0.7",
"product_id": "T043902"
}
},
{
"category": "product_version",
"name": "Server 30.0.7",
"product": {
"name": "Nextcloud Nextcloud Server 30.0.7",
"product_id": "T043902-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__30.0.7"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c31.0.1",
"product": {
"name": "Nextcloud Nextcloud Server \u003c31.0.1",
"product_id": "T043903"
}
},
{
"category": "product_version",
"name": "Server 31.0.1",
"product": {
"name": "Nextcloud Nextcloud Server 31.0.1",
"product_id": "T043903-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nextcloud:nextcloud:server__31.0.1"
}
}
}
],
"category": "product_name",
"name": "Nextcloud"
}
],
"category": "vendor",
"name": "Nextcloud"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47790",
"product_status": {
"known_affected": [
"T043883",
"T043885",
"T043886",
"T043887",
"T043901",
"T043868",
"T043880",
"T043881",
"T043882",
"T043902",
"T043869",
"T043903",
"T043894",
"T043872",
"T043873",
"T043896",
"T043874",
"T043897",
"T043875",
"T043898",
"T043876",
"T043899",
"T043879",
"T043891",
"T043892",
"T043870",
"T043893",
"T043871"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47790"
},
{
"cve": "CVE-2025-47791",
"product_status": {
"known_affected": [
"T043883",
"T043878",
"T043879",
"T043891",
"T043880",
"T043892",
"T043881",
"T043882"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47791"
},
{
"cve": "CVE-2025-47792",
"product_status": {
"known_affected": [
"T043884"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47792"
},
{
"cve": "CVE-2025-47793",
"product_status": {
"known_affected": [
"T043885",
"T043886",
"T043887",
"T043888",
"T043889",
"T043890",
"T043891",
"T043892"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47793"
},
{
"cve": "CVE-2025-47794",
"product_status": {
"known_affected": [
"T043902",
"T043903",
"T043883",
"T043894",
"T043885",
"T043896",
"T043886",
"T043897",
"T043887",
"T043898",
"T043899",
"T043879",
"T043901",
"T043880",
"T043891",
"T043881",
"T043892",
"T043882",
"T043893"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47794"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…