CVE-2025-66512

Medium CVSS: 5.4

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

Vendor

Nextcloud

Product

Nextcloud Server

CWE

CWE-80

Yayın Tarihi

2025-12-05 17:16:04

Güncelleme

2025-12-09 16:38:19

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-80 Nextcloud Server MEDIUM Nextcloud 2025

Referanslar

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5 https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63 https://github.com/nextcloud/viewer/pull/3023 https://hackerone.com/reports/3357808

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Low

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside…

Medium

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious use…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…