CVE-2025-66549

Low CVSS: 2.4

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

Vendor

Nextcloud

Product

Desktop

CWE

CWE-209

Yayın Tarihi

2025-12-05 18:15:58

Güncelleme

2025-12-09 18:58:22

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-209 Desktop LOW Nextcloud 2025

Referanslar

https://github.com/nextcloud/desktop/commit/36d6c234d42b06a6f2e9de3e413a5c3c625edad6 https://github.com/nextcloud/desktop/pull/8330 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h9xj-qh76-q3hw https://hackerone.com/reports/3159877

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Medium

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious use…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…

Low

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat pe…