Overview
CVE-2025-66551 is a medium-severity vulnerability affecting Nextcloud Tables, a powerful app that allows users to create and manage custom tables with individual columns. This flaw allows a malicious user to potentially move a column from their own table into a victim’s table without proper authorization. This could lead to data corruption, data theft, or other unintended consequences.
Technical Details
The vulnerability lies within the column management functionality of Nextcloud Tables. Prior to versions 0.8.6 and 0.9.3, insufficient authorization checks were performed when a user attempted to move a column between tables. A malicious user could exploit this by crafting…
Overview
CVE-2025-66549 is a low-severity vulnerability affecting Nextcloud Desktop, the desktop sync client for Nextcloud. Prior to version 3.16.5, when a user attempted to manually lock a file within an end-to-end encrypted directory, the file’s path was transmitted to the server without encryption. This exposed the file path to administrators via server log files. This advisory provides details about the vulnerability, its potential impact, and the steps required to mitigate the risk. This issue has been fixed in version 3.16.5 of Nextcloud Desktop.
Technical Details
The vulnerability stemmed from the lack of proper encryption when handling file paths during manual…
Overview
CVE-2025-66548 describes a low-severity vulnerability affecting Nextcloud Deck, a kanban-style organization tool integrated within Nextcloud. This vulnerability allows an attacker to spoof the file extension of downloaded files by utilizing Right-to-Left Override (RTLO) characters. This can trick users into downloading and potentially executing files with a different extension than what is displayed, potentially leading to unintended consequences.
Technical Details
The vulnerability resides in how Nextcloud Deck handles file names during download. By injecting RTLO characters into the file name, the displayed extension can be manipulated. For instance, a file named “evil_exe.txt” (where “” represents the RTLO character) would be…
Published: 2025-12-05
Overview
This blog post discusses a security vulnerability, identified as CVE-2025-66545, affecting Nextcloud Groupfolders. This vulnerability allows a user with read-only permissions within a Nextcloud Groupfolder to restore files from the trash bin. This behavior deviates from the intended access control model, potentially leading to unintended data recovery by users who should not have such capabilities.
Technical Details
The vulnerability resides within the Groupfolders application for Nextcloud. Prior to versions 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, the application incorrectly permitted read-only users to interact with the trash bin in a way that allowed them to restore…
Overview
CVE-2025-66515 is a low-severity vulnerability discovered in the Nextcloud Approval app. This flaw allows an authenticated user listed as a requester in a workflow to inappropriately set another user’s file into the “pending approval” state, even without having access to the file itself. This is achieved by exploiting the numeric file ID within the Approval app. The vulnerability affects versions prior to 1.3.1 and 2.5.0 of the Nextcloud Approval app. Users are strongly encouraged to update to the patched versions to mitigate the risk.
Technical Details
The vulnerability stems from insufficient access control checks when a user triggers the…
Overview
CVE-2025-66514 describes a stored HTML injection vulnerability found in the Nextcloud Mail application, specifically affecting versions prior to 5.5.3. This vulnerability allows an authenticated user to inject HTML code into the subject lines of emails displayed within the Mail app. While JavaScript execution is prevented due to Nextcloud’s Content Security Policy (CSP), the injection of HTML can still lead to potential phishing or defacement attacks. Published on 2025-12-05T18:15:57.457, this vulnerability has been assessed as having a low severity.
Technical Details
The vulnerability stems from insufficient sanitization of email subject lines when they are displayed in the Nextcloud Mail application’s…
Overview
CVE-2025-66513 describes a medium-severity information disclosure vulnerability affecting Nextcloud Tables. The vulnerability allows unprivileged users to potentially access information about table sharing configurations, specifically which users or groups have access to which tables and their associated permissions. This information should ideally be restricted to administrative users. Successful exploitation could lead to unauthorized access to sensitive data managed within Nextcloud Tables.
Technical Details
The vulnerability resides in how Nextcloud Tables manages access control information related to table sharing. Prior to versions 0.8.9, 0.9.6, and 1.0.1, the system did not properly restrict access to the numeric IDs of tables and…
Overview
A significant security vulnerability, identified as CVE-2025-34266, has been discovered in Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability is a stored cross-site scripting (XSS) issue that allows attackers to inject malicious scripts into the application. Successful exploitation could lead to session compromise and unauthorized actions.
Technical Details
The vulnerability resides in the /rmm/v1/plugin-config/addins/menus endpoint. An authenticated user with the ability to add or edit AddIns menu entries can inject malicious JavaScript code into the ‘label’ or ‘path’ fields of the AddIns menu configuration. These values are then stored and rendered in the AddIns UI without proper HTML…
Overview
A significant security vulnerability, identified as CVE-2025-34265, has been discovered in Advantech WISE-DeviceOn Server. This vulnerability affects versions prior to 5.4 and is classified as a stored cross-site scripting (XSS) issue.
Technical Details
The vulnerability resides in the /rmm/v1/rule-engines endpoint. Specifically, when an authenticated user creates or updates a rule for an agent, the fields ‘min’, ‘max’, and ‘unit’ are stored without proper HTML sanitization. These unsanitized fields are then rendered in rule listings or detail views. An attacker can exploit this by injecting malicious JavaScript code into these fields. When a user views or interacts with the affected…
Overview
CVE-2025-34264 details a stored cross-site scripting (XSS) vulnerability affecting Advantech WISE-DeviceOn Server versions prior to 5.4. This vulnerability resides in the `/rmm/v1/dog/{agentId}` endpoint, specifically related to the Software Watchdog feature.
Technical Details
The vulnerability occurs when an authenticated user adds or edits Software Watchdog process rules for an agent. The monitored process name, which is stored in the settings array, is subsequently rendered in the Software Watchdog UI without proper HTML sanitization. This lack of input validation allows an attacker to inject malicious JavaScript code into the process name field. When a user views or interacts with the affected…