  • Cybersecurity Vulnerabilities

    CVE-2025-66556: Low Severity Poll Draft Deletion Vulnerability in Nextcloud Talk

    Overview: CVE-2025-66556 describes a low-severity vulnerability affecting Nextcloud Talk, a video and audio conferencing application for Nextcloud. This issue allows a participant with chat permissions to delete poll drafts created by other participants within the conversation by exploiting the draft's numeric ID. The vulnerability has been patched in versions 20.1.8 and 21.1.2 of Nextcloud Talk.

    Technical Details: The vulnerability stems from insufficient access control when handling poll draft deletion requests within Nextcloud Talk. A user with basic chat privileges could manipulate the request to delete a poll draft by specifying the numeric ID of another participant's draft. The system incorrectly authorized the…

  • Cybersecurity Vulnerabilities

    CVE-2025-66554: Low-Severity CSS Injection Found in Nextcloud Contacts App

    Overview: CVE-2025-66554 is a low-severity vulnerability affecting the Contacts app for Nextcloud. This app facilitates syncing contacts from various devices to your Nextcloud instance and allows for editing. The vulnerability allows a malicious user to inject arbitrary CSS by manipulating the organization and title fields within their contact profile. This issue has been addressed in versions 5.5.4, 6.0.6, and 7.2.5 of the Nextcloud Contacts app.

    Technical Details: The vulnerability stems from insufficient sanitization of user-provided input in the "organisation" and "title" fields. While JavaScript and other potentially more dangerous code were blocked by Nextcloud's Content Security Policy (CSP), a malicious…

  • Cybersecurity Vulnerabilities

    CVE-2025-66553: Unveiling a Metadata Exposure Vulnerability in Nextcloud Tables

    Overview: CVE-2025-66553 is a medium-severity vulnerability affecting the Nextcloud Tables application. This vulnerability allows authenticated users to potentially view metadata of columns in other tables within the application by manipulating the numeric ID in a request. This exposure could lead to information disclosure and potentially aid in further exploitation. The vulnerability has been patched in versions 0.8.7 and 0.9.4 of the Tables application.

    Technical Details: The vulnerability stems from insufficient access control checks within the Nextcloud Tables application. Specifically, the application fails to properly validate the user's authorization when retrieving column metadata. By modifying the numeric ID associated with a…

  • Cybersecurity Vulnerabilities

    CVE-2025-66551: Critical Vulnerability in Nextcloud Tables Allows Unauthorized Data Manipulation

    Overview: CVE-2025-66551 is a medium-severity vulnerability affecting Nextcloud Tables, a powerful app that allows users to create and manage custom tables with individual columns. This flaw allows a malicious user to potentially move a column from their own table into a victim's table without proper authorization. This could lead to data corruption, data theft, or other unintended consequences.

    Technical Details: The vulnerability lies within the column management functionality of Nextcloud Tables. Prior to versions 0.8.6 and 0.9.3, insufficient authorization checks were performed when a user attempted to move a column between tables. A malicious user could exploit this by crafting…

  • Cybersecurity Vulnerabilities

    CVE-2025-66549: Nextcloud Desktop Leaks File Paths During Encryption – Update Now!

    Overview: CVE-2025-66549 is a low-severity vulnerability affecting Nextcloud Desktop, the desktop sync client for Nextcloud. Prior to version 3.16.5, when a user attempted to manually lock a file within an end-to-end encrypted directory, the file's path was transmitted to the server without encryption. This exposed the file path to administrators via server log files. This advisory provides details about the vulnerability, its potential impact, and the steps required to mitigate the risk. This issue has been fixed in version 3.16.5 of Nextcloud Desktop.

    Technical Details: The vulnerability stemmed from the lack of proper encryption when handling file paths during manual…

  • Cybersecurity Vulnerabilities

    CVE-2025-66548: Be Aware of File Extension Spoofing in Nextcloud Deck

    Overview: CVE-2025-66548 describes a low-severity vulnerability affecting Nextcloud Deck, a kanban-style organization tool integrated within Nextcloud. This vulnerability allows an attacker to spoof the file extension of downloaded files by utilizing Right-to-Left Override (RTLO) characters. This can trick users into downloading and potentially executing files with a different extension than what is displayed, potentially leading to unintended consequences.

    Technical Details: The vulnerability resides in how Nextcloud Deck handles file names during download. By injecting RTLO characters into the file name, the displayed extension can be manipulated. For instance, a file named "evil_exe‮.txt" (where "‮" represents the RTLO character) would be…

  • Cybersecurity Vulnerabilities

    CVE-2025-66545: Read-Only Users Restoring Deleted Files in Nextcloud Groupfolders

    Published: 2025-12-05

    Overview: This blog post discusses a security vulnerability, identified as CVE-2025-66545, affecting Nextcloud Groupfolders. This vulnerability allows a user with read-only permissions within a Nextcloud Groupfolder to restore files from the trash bin. This behavior deviates from the intended access control model, potentially leading to unintended data recovery by users who should not have such capabilities.

    Technical Details: The vulnerability resides within the Groupfolders application for Nextcloud. Prior to versions 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, the application incorrectly permitted read-only users to interact with the trash bin in a way that allowed them to restore…

  • Cybersecurity Vulnerabilities

    CVE-2025-66515: Unauthorized Workflow Manipulation in Nextcloud Approval App

    Overview: CVE-2025-66515 is a low-severity vulnerability discovered in the Nextcloud Approval app. This flaw allows an authenticated user listed as a requester in a workflow to inappropriately set another user's file into the "pending approval" state, even without having access to the file itself. This is achieved by exploiting the numeric file ID within the Approval app. The vulnerability affects versions prior to 1.3.1 and 2.5.0 of the Nextcloud Approval app. Users are strongly encouraged to update to the patched versions to mitigate the risk.

    Technical Details: The vulnerability stems from insufficient access control checks when a user triggers the…

  • Cybersecurity Vulnerabilities

    Nextcloud Mail Subject to HTML Injection (CVE-2025-66514): Understanding and Mitigation

    Overview: CVE-2025-66514 describes a stored HTML injection vulnerability found in the Nextcloud Mail application, specifically affecting versions prior to 5.5.3. This vulnerability allows an authenticated user to inject HTML code into the subject lines of emails displayed within the Mail app. While JavaScript execution is prevented due to Nextcloud's Content Security Policy (CSP), the injection of HTML can still lead to potential phishing or defacement attacks. Published on 2025-12-05T18:15:57.457, this vulnerability has been assessed as having a low severity.

    Technical Details: The vulnerability stems from insufficient sanitization of email subject lines when they are displayed in the Nextcloud Mail application's…

  • Cybersecurity Vulnerabilities

    Nextcloud Tables Under Scrutiny: Analyzing CVE-2025-66513 Information Disclosure

    Overview: CVE-2025-66513 describes a medium-severity information disclosure vulnerability affecting Nextcloud Tables. The vulnerability allows unprivileged users to potentially access information about table sharing configurations, specifically which users or groups have access to which tables and their associated permissions. This information should ideally be restricted to administrative users. Successful exploitation could lead to unauthorized access to sensitive data managed within Nextcloud Tables.

    Technical Details: The vulnerability resides in how Nextcloud Tables manages access control information related to table sharing. Prior to versions 0.8.9, 0.9.6, and 1.0.1, the system did not properly restrict access to the numeric IDs of tables and…