CVE-2025-66547

Medium CVSS: 4.3

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

Vendor

Nextcloud

Product

Nextcloud Server

CWE

CWE-639

Yayın Tarihi

2025-12-05 17:16:05

Güncelleme

2025-12-09 16:31:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Nextcloud Server MEDIUM Nextcloud 2025

Referanslar

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2 https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9 https://github.com/nextcloud/server/issues/51247 https://github.com/nextcloud/server/pull/51288 https://hackerone.com/reports/3040887

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Low

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside…

Medium

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious use…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…