Overview CVE-2025-66566 is a vulnerability affecting the Java-based decompressor implementations within the yawkat LZ4 Java library (lz4-java) version 1.10.0 and earlier. This flaw stems from insufficient clearing of the output buffer, potentially allowing remote attackers to read previous buffer contents through crafted compressed input. In scenarios where the output buffer is reused without being properly cleared, this could result in the disclosure of sensitive data. This vulnerability has been addressed in version 1.10.1. Technical Details The vulnerability lies in the Java implementation of the LZ4 decompressor within the lz4-java library. Due to inadequate clearing of the output buffer after a…
Overview A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-66562, has been discovered in TUUI, a desktop MCP client designed for unitary utility integration. This vulnerability affects versions prior to 1.3.4. By exploiting an unsafe Cross-Site Scripting (XSS) flaw within the Markdown rendering component, attackers can execute arbitrary system commands on a victim’s machine. Updating to version 1.3.4 is crucial to address this security issue. Technical Details The vulnerability stems from an XSS flaw in how TUUI renders Markdown, specifically within ECharts code blocks. TUUI allows the execution of arbitrary JavaScript within these blocks. Furthermore, TUUI exposes an IPC…
Overview CVE-2025-66558 describes a vulnerability found in Nextcloud Twofactor WebAuthn, the WebAuthn Two-Factor Provider for Nextcloud. This flaw, present in versions prior to 1.4.2 and 2.4.1, allows a potential attacker to take over a user’s registered WebAuthn 2FA device by correctly guessing a sufficiently long random string (80-128 characters). While the attacker cannot directly authenticate as the victim, they can force the victim to re-register their WebAuthn device, potentially opening the door to other attack vectors down the line. The vulnerability is addressed in versions 1.4.2 and 2.4.1. Technical Details The vulnerability stems from a missing ownership check during the…
This article provides a detailed analysis of CVE-2025-66557, a medium-severity vulnerability affecting Nextcloud Deck. We’ll explore the technical details, potential impact, and necessary steps to mitigate this risk. Overview CVE-2025-66557 affects Nextcloud Deck, a popular kanban-style organization tool integrated within Nextcloud. The vulnerability allows users with “Can share” permissions on a Deck board to modify the permissions of other users sharing the same board. This effectively allows a user to elevate their privileges or downgrade the privileges of others, potentially leading to unauthorized access and data manipulation. Technical Details The vulnerability stems from a flaw in the permission logic within…
Overview CVE-2025-66556 describes a low-severity vulnerability affecting Nextcloud Talk, a video and audio conferencing application for Nextcloud. This issue allows a participant with chat permissions to delete poll drafts created by other participants within the conversation, exploiting their numeric ID. The vulnerability has been patched in versions 20.1.8 and 21.1.2 of Nextcloud Talk. Technical Details The vulnerability stems from insufficient access control when handling poll draft deletion requests within Nextcloud Talk. A user with basic chat privileges could manipulate the request to delete a poll draft by specifying the numeric ID of another participant’s draft. The system incorrectly authorized the…
Overview CVE-2025-66554 is a low-severity vulnerability affecting the Contacts app for Nextcloud. This app facilitates syncing contacts from various devices to your Nextcloud instance and allows for editing. The vulnerability allows a malicious user to inject arbitrary CSS by manipulating the organization and title fields within their contact profile. This issue has been addressed in versions 5.5.4, 6.0.6, and 7.2.5 of the Nextcloud Contacts app. Technical Details The vulnerability stems from insufficient sanitization of user-provided input in the “organisation” and “title” fields. While JavaScript and other potentially more dangerous code were blocked by Nextcloud’s Content Security Policy (CSP), a malicious…
Overview CVE-2025-66553 is a medium-severity vulnerability affecting the Nextcloud Tables application. This vulnerability allows authenticated users to potentially view metadata of columns in other tables within the application by manipulating the numeric ID in a request. This exposure could lead to information disclosure and potentially aid in further exploitation. The vulnerability has been patched in versions 0.8.7 and 0.9.4 of the Tables application. Technical Details The vulnerability stems from insufficient access control checks within the Nextcloud Tables application. Specifically, the application fails to properly validate the user’s authorization when retrieving column metadata. By modifying the numeric ID associated with a…
Overview CVE-2025-66551 is a medium-severity vulnerability affecting Nextcloud Tables, a powerful app that allows users to create and manage custom tables with individual columns. This flaw allows a malicious user to potentially move a column from their own table into a victim’s table without proper authorization. This could lead to data corruption, data theft, or other unintended consequences. Technical Details The vulnerability lies within the column management functionality of Nextcloud Tables. Prior to versions 0.8.6 and 0.9.3, insufficient authorization checks were performed when a user attempted to move a column between tables. A malicious user could exploit this by crafting…
Overview CVE-2025-66549 is a low-severity vulnerability affecting Nextcloud Desktop, the desktop sync client for Nextcloud. Prior to version 3.16.5, when a user attempted to manually lock a file within an end-to-end encrypted directory, the file’s path was transmitted to the server without encryption. This exposed the file path to administrators via server log files. This advisory provides details about the vulnerability, its potential impact, and the steps required to mitigate the risk. This issue has been fixed in version 3.16.5 of Nextcloud Desktop. Technical Details The vulnerability stemmed from the lack of proper encryption when handling file paths during manual…
Overview CVE-2025-66548 describes a low-severity vulnerability affecting Nextcloud Deck, a kanban-style organization tool integrated within Nextcloud. This vulnerability allows an attacker to spoof the file extension of downloaded files by utilizing Right-to-Left Override (RTLO) characters. This can trick users into downloading and potentially executing files with a different extension than what is displayed, potentially leading to unintended consequences. Technical Details The vulnerability resides in how Nextcloud Deck handles file names during download. By injecting RTLO characters into the file name, the displayed extension can be manipulated. For instance, a file named “evil_exe.txt” (where “” represents the RTLO character) would be…