CVE-2025-66548

Low CVSS: 3.3

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.

Vendor

Nextcloud

Product

Deck

CWE

CWE-116

Yayın Tarihi

2025-12-05 18:15:57

Güncelleme

2025-12-09 19:01:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-116 Deck LOW Nextcloud 2025

Referanslar

https://github.com/nextcloud/deck/commit/afa95d3c507465b9d31af7c88c69b76711ef185a https://github.com/nextcloud/deck/pull/6671 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xjvq-xvr7-xpg6 https://hackerone.com/reports/2326618

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Low

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside…

Medium

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious use…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…