CVE-2025-66551

Medium CVSS: 6.3

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.

Vendor

Nextcloud

Product

Tables

CWE

CWE-639

Yayın Tarihi

2025-12-05 18:15:58

Güncelleme

2025-12-09 17:07:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Tables MEDIUM Nextcloud 2025

Referanslar

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7 https://github.com/nextcloud/tables/commit/39f24a62fb41fd7a8bda65325f8bbafdc91c731c https://github.com/nextcloud/tables/pull/1810 https://hackerone.com/reports/3137895

Benzer Kayıtlar

Medium

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any a…

Low

CVE-2025-66558

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing owne…

Low

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside…

Medium

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated u…

Low

CVE-2025-66554

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5…

Low

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat pe…