  • Cybersecurity Vulnerabilities

    CVE-2025-66552: Critical Audit Log Bypass in Nextcloud Group Folders

    This article provides a detailed analysis of CVE-2025-66552, a medium-severity security vulnerability affecting Nextcloud Server and Enterprise Server. This vulnerability allows actions on files and folders within group folders to bypass the admin audit logging system, potentially hindering security monitoring and incident response.

    Overview

    CVE-2025-66552 was identified in Nextcloud Server and Enterprise Server versions prior to 30.0.9 and 31.0.1. The issue stems from incorrect path handling within group folders, leading to the admin_audit app failing to record certain actions. This could allow malicious actors to operate within group folders without leaving a comprehensive audit trail.

    Technical Details

    The…

  • Cybersecurity Vulnerabilities

    CVE-2025-66547: Critical Tag Modification Vulnerability Patched in Nextcloud Server

    Overview

    This article details CVE-2025-66547, a medium-severity security vulnerability affecting Nextcloud Server and Enterprise Server versions prior to 31.0.1. This flaw allows non-privileged users to modify tags on files even if they lack direct access to those files, potentially leading to data integrity issues and unauthorized information disclosure. A fix is available in version 31.0.1.

    Technical Details

    The vulnerability stems from insufficient access control checks during bulk tagging operations. An unauthenticated, low-privilege user can craft requests to modify tags on files to which they would normally not have access. This occurs due to a bypass in the permissioning logic…

  • Cybersecurity Vulnerabilities

    CVE-2025-66546: Unveiling a Booking Vulnerability in Nextcloud Calendar

    Overview

    This blog post details CVE-2025-66546, a low-severity vulnerability discovered in Nextcloud Calendar, a popular calendar application for Nextcloud. This vulnerability allowed attackers to potentially book appointments without knowing the appointment token by exploiting a sequential ID issue. Patches have been released to address this issue.

    Technical Details

    The vulnerability stemmed from the way Nextcloud Calendar handled appointment booking IDs. Prior to versions 4.7.19, 5.5.6, and 6.0.1, the application didn’t sufficiently validate appointment booking requests. An attacker could potentially predict and use sequential IDs to blindly book appointments, even without possessing the proper appointment token. This could lead to unauthorized…

  • Cybersecurity Vulnerabilities

    CVE-2025-66512: Nextcloud Server SVG Upload Vulnerability – Understand the Risk and Mitigation

    Overview

    CVE-2025-66512 is a medium-severity vulnerability affecting Nextcloud Server and Server Enterprise. This vulnerability allows a malicious user to potentially bypass the Content Security Policy (CSP) by tricking a user into viewing a specially crafted SVG file outside of the Nextcloud Server’s web page context. This could lead to cross-site scripting (XSS) or other malicious activities.

    Technical Details

    The vulnerability stems from a missing sanitization check when handling uploaded SVG files. A malicious user can craft an SVG file containing JavaScript code or other potentially harmful content. If a user then views this SVG file in a way that bypasses…

  • Cybersecurity Vulnerabilities

    Nextcloud Calendar Vulnerability: Predictable Tokens Expose Meeting Details (CVE-2025-66511)

    Overview

    CVE-2025-66511 is a medium-severity vulnerability found in Nextcloud Calendar, a popular calendar application for the Nextcloud platform. This vulnerability, affecting versions prior to 6.0.3, stems from the predictable generation of participant tokens used in meeting proposals. An attacker could potentially compute valid tokens, allowing them to gain unauthorized access to meeting details and submit dates on behalf of others.

    Technical Details

    The core issue lies in how the Calendar app generates participant tokens for meeting proposals. Instead of employing a cryptographically secure random number generator, the application utilizes a hash function that, while not explicitly stated, is likely…

  • Cybersecurity Vulnerabilities

    CVE-2025-66510: Nextcloud Contacts Search Exposes User Data – A Deep Dive

    Overview

    CVE-2025-66510 is a medium-severity vulnerability affecting Nextcloud Server. This vulnerability allows authenticated users to retrieve personal data (emails, names, identifiers) of other users without proper access control via the contacts search functionality. This means a malicious user can potentially gather information about accounts that are not directly related or added as contacts.

    Technical Details

    The vulnerability resides in how Nextcloud Server handles access control during contacts searches. Specifically, versions prior to 31.0.10 and 32.0.1 of Nextcloud Server, and Nextcloud Enterprise Server versions prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10 are susceptible. The issue arises because the search function…

  • Cybersecurity Vulnerabilities

    Urllib3 Streaming API Vulnerability (CVE-2025-66471): Resource Exhaustion Risk

    Overview

    This article discusses CVE-2025-66471, a vulnerability affecting urllib3, a popular user-friendly HTTP client library for Python. Specifically, the vulnerability resides in the streaming API and its handling of highly compressed data. This can lead to excessive resource consumption, potentially causing denial-of-service conditions.

    Technical Details

    Urllib3’s streaming API is designed to efficiently handle large HTTP responses by processing data in chunks. When dealing with compressed responses (e.g., gzip, deflate, br, or zstd), urllib3 decompresses the data based on the Content-Encoding header. The vulnerability arises because the decompression logic can, in certain scenarios with highly compressed data, fully decode a small…

  • Cybersecurity Vulnerabilities

    Warehouse Management System Hit by Critical File Deletion Vulnerability: CVE-2025-65879

    Overview

    A critical security vulnerability, identified as CVE-2025-65879, has been discovered in Warehouse Management System version 1.2. This vulnerability allows an authenticated attacker to delete arbitrary files on the server. The root cause lies in insufficient input validation on the /goods/deleteGoods endpoint, specifically concerning the goodsimg parameter.

    Technical Details

    The vulnerability stems from the lack of proper sanitization of the goodsimg parameter passed to the /goods/deleteGoods endpoint. An authenticated user can manipulate this parameter to include directory traversal sequences (e.g., ../). The application then directly concatenates the user-controlled goodsimg value with the server’s UPLOAD_PATH and passes the resulting path to…

  • Cybersecurity Vulnerabilities

    CVE-2025-65878: Warehouse Management System 1.2 – Exposed! Arbitrary File Read Vulnerability

    Overview

    CVE-2025-65878 describes an arbitrary file read vulnerability affecting version 1.2 of the Warehouse Management System. This vulnerability allows an attacker to read sensitive files on the server’s file system by exploiting a lack of proper input sanitization in the /file/showImageByPath endpoint. By crafting malicious requests with directory traversal sequences, attackers can bypass intended access controls and potentially access confidential data, configuration files, or even system binaries.

    Technical Details

    The vulnerability resides in the /file/showImageByPath endpoint. The system fails to adequately sanitize user-supplied path parameters used to retrieve image files. This oversight allows an attacker to inject directory traversal sequences…

  • Cybersecurity Vulnerabilities

    Urgent: Critical RCE Vulnerability Found in XWiki Remote Macros (CVE-2025-65036)

    Overview

    A critical security vulnerability, identified as CVE-2025-65036, has been discovered in the XWiki Remote Macros extension. This extension is designed to provide XWiki rendering macros that facilitate content migration from Confluence. The vulnerability, present in versions prior to 1.27.1, allows for Remote Code Execution (RCE) due to insufficient permission checks when executing Velocity macros from details pages. This means a malicious actor could potentially execute arbitrary code on the XWiki server.

    Technical Details

    The XWiki Remote Macros extension allows users to leverage Velocity macros to render content. Versions prior to 1.27.1 do not properly validate the permissions of users…