CVE-2025-66510

Medium CVSS: 4.5

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.

Vendor

Nextcloud

Product

Nextcloud Server

CWE

CWE-359

Yayın Tarihi

2025-12-05 17:16:04

Güncelleme

2025-12-10 16:12:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-359 Nextcloud Server MEDIUM Nextcloud 2025

Referanslar

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59 https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57 https://github.com/nextcloud/server/pull/55657

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Low

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside…

Medium

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious use…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…