Vulnerability-Lookup

WID-SEC-W-2025-2757

Vulnerability from csaf_certbund - Published: 2025-12-07 23:00 - Updated: 2025-12-07 23:00

Summary

Nextcloud (Contacts, Talk, Deck und Twofactor WebAuthn): Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Nextcloud ist eine "on-premise" Plattform für Dateifreigabe und Zusammenarbeit.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um Dateien zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Nextcloud ist eine \"on-premise\" Plattform f\u00fcr Dateifreigabe und Zusammenarbeit.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um Dateien zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2757 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2757.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2757 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2757"
      },
      {
        "category": "external",
        "summary": "Nextcloud Security Advisory vom 2025-12-07",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh"
      },
      {
        "category": "external",
        "summary": "Nextcloud Security Advisory vom 2025-12-07",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fr8x-mvjg-wf9q"
      },
      {
        "category": "external",
        "summary": "Nextcloud Security Advisory vom 2025-12-07",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v78-cpfc-v6h2"
      },
      {
        "category": "external",
        "summary": "Nextcloud Security Advisory vom 2025-12-07",
        "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv"
      }
    ],
    "source_lang": "en-US",
    "title": "Nextcloud (Contacts, Talk, Deck und Twofactor WebAuthn): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-07T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-08T10:55:03.508+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2757",
      "initial_release_date": "2025-12-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-12-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Deck \u003c1.14.6",
                "product": {
                  "name": "Nextcloud Nextcloud Deck \u003c1.14.6",
                  "product_id": "T049175"
                }
              },
              {
                "category": "product_version",
                "name": "Deck 1.14.6",
                "product": {
                  "name": "Nextcloud Nextcloud Deck 1.14.6",
                  "product_id": "T049175-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:deck__1.14.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Deck \u003c1.15.2",
                "product": {
                  "name": "Nextcloud Nextcloud Deck \u003c1.15.2",
                  "product_id": "T049176"
                }
              },
              {
                "category": "product_version",
                "name": "Deck 1.15.2",
                "product": {
                  "name": "Nextcloud Nextcloud Deck 1.15.2",
                  "product_id": "T049176-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:deck__1.15.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Contacts \u003c5.5.4",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts \u003c5.5.4",
                  "product_id": "T049177"
                }
              },
              {
                "category": "product_version",
                "name": "Contacts 5.5.4",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts 5.5.4",
                  "product_id": "T049177-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:contacts__5.5.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Contacts \u003c6.0.6",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts \u003c6.0.6",
                  "product_id": "T049178"
                }
              },
              {
                "category": "product_version",
                "name": "Contacts 6.0.6",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts 6.0.6",
                  "product_id": "T049178-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:contacts__6.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Contacts \u003c7.2.5",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts \u003c7.2.5",
                  "product_id": "T049179"
                }
              },
              {
                "category": "product_version",
                "name": "Contacts 7.2.5",
                "product": {
                  "name": "Nextcloud Nextcloud Contacts 7.2.5",
                  "product_id": "T049179-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:contacts__7.2.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Twofactor WebAuthn \u003c1.4.2",
                "product": {
                  "name": "Nextcloud Nextcloud Twofactor WebAuthn \u003c1.4.2",
                  "product_id": "T049180"
                }
              },
              {
                "category": "product_version",
                "name": "Twofactor WebAuthn 1.4.2",
                "product": {
                  "name": "Nextcloud Nextcloud Twofactor WebAuthn 1.4.2",
                  "product_id": "T049180-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:twofactor_webauthn__1.4.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Twofactor WebAuthn \u003c2.4.1",
                "product": {
                  "name": "Nextcloud Nextcloud Twofactor WebAuthn \u003c2.4.1",
                  "product_id": "T049181"
                }
              },
              {
                "category": "product_version",
                "name": "Twofactor WebAuthn 2.4.1",
                "product": {
                  "name": "Nextcloud Nextcloud Twofactor WebAuthn 2.4.1",
                  "product_id": "T049181-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:twofactor_webauthn__2.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Talk \u003c20.1.8",
                "product": {
                  "name": "Nextcloud Nextcloud Talk \u003c20.1.8",
                  "product_id": "T049182"
                }
              },
              {
                "category": "product_version",
                "name": "Talk 20.1.8",
                "product": {
                  "name": "Nextcloud Nextcloud Talk 20.1.8",
                  "product_id": "T049182-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:talk__20.1.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Talk \u003c21.1.2",
                "product": {
                  "name": "Nextcloud Nextcloud Talk \u003c21.1.2",
                  "product_id": "T049183"
                }
              },
              {
                "category": "product_version",
                "name": "Talk 21.1.2",
                "product": {
                  "name": "Nextcloud Nextcloud Talk 21.1.2",
                  "product_id": "T049183-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nextcloud:nextcloud:talk__21.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nextcloud"
          }
        ],
        "category": "vendor",
        "name": "Nextcloud"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66554",
      "product_status": {
        "known_affected": [
          "T049179",
          "T049178",
          "T049177"
        ]
      },
      "release_date": "2025-12-07T23:00:00.000+00:00",
      "title": "CVE-2025-66554"
    },
    {
      "cve": "CVE-2025-66556",
      "product_status": {
        "known_affected": [
          "T049183",
          "T049182"
        ]
      },
      "release_date": "2025-12-07T23:00:00.000+00:00",
      "title": "CVE-2025-66556"
    },
    {
      "cve": "CVE-2025-66557",
      "product_status": {
        "known_affected": [
          "T049176",
          "T049175"
        ]
      },
      "release_date": "2025-12-07T23:00:00.000+00:00",
      "title": "CVE-2025-66557"
    },
    {
      "cve": "CVE-2025-66558",
      "product_status": {
        "known_affected": [
          "T049181",
          "T049180"
        ]
      },
      "release_date": "2025-12-07T23:00:00.000+00:00",
      "title": "CVE-2025-66558"
    }
  ]
}

CVE-2025-66558 (GCVE-0-2025-66558)

Vulnerability from cvelistv5 – Published: 2025-12-05 18:00 – Updated: 2025-12-05 18:35

Title

Nextcloud Twofactor WebAuthn app was updated based on public key

Summary

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.

Severity ?

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
	https://github.com/nextcloud/twofactor_webauthn/p…	x_refsource_MISC
	https://github.com/nextcloud/twofactor_webauthn/c…	x_refsource_MISC
	https://hackerone.com/reports/3360354	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Affected: < 1.4.2 Affected: >= 2.0.0-beta.1, < 2.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T18:35:39.199259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T18:35:53.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0-beta.1, \u003c 2.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T18:00:49.792Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fr8x-mvjg-wf9q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fr8x-mvjg-wf9q"
        },
        {
          "name": "https://github.com/nextcloud/twofactor_webauthn/pull/881",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/twofactor_webauthn/pull/881"
        },
        {
          "name": "https://github.com/nextcloud/twofactor_webauthn/commit/5d2302166d31ee2e01b2e21556bd5372156da13d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/twofactor_webauthn/commit/5d2302166d31ee2e01b2e21556bd5372156da13d"
        },
        {
          "name": "https://hackerone.com/reports/3360354",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3360354"
        }
      ],
      "source": {
        "advisory": "GHSA-fr8x-mvjg-wf9q",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Twofactor WebAuthn app was updated based on public key"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66558",
    "datePublished": "2025-12-05T18:00:49.792Z",
    "dateReserved": "2025-12-04T16:01:32.473Z",
    "dateUpdated": "2025-12-05T18:35:53.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66556 (GCVE-0-2025-66556)

Vulnerability from cvelistv5 – Published: 2025-12-05 17:56 – Updated: 2025-12-05 18:09

Title

Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Summary

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
	https://github.com/nextcloud/spreed/pull/15532	x_refsource_MISC
	https://github.com/nextcloud/spreed/commit/bd68e8…	x_refsource_MISC
	https://hackerone.com/reports/3247386	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Affected: < 20.1.8 Affected: >= 21.0.0-beta.1, < 21.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T18:08:50.955809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T18:09:34.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 20.1.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0-beta.1, \u003c 21.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud talk is a video \u0026 audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T17:56:44.463Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh"
        },
        {
          "name": "https://github.com/nextcloud/spreed/pull/15532",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/spreed/pull/15532"
        },
        {
          "name": "https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725"
        },
        {
          "name": "https://hackerone.com/reports/3247386",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3247386"
        }
      ],
      "source": {
        "advisory": "GHSA-pr9f-vqgg-m2jh",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud talk allows participants to blindly delete poll drafts of other users by ID"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66556",
    "datePublished": "2025-12-05T17:56:44.463Z",
    "dateReserved": "2025-12-04T16:01:32.472Z",
    "dateUpdated": "2025-12-05T18:09:34.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66554 (GCVE-0-2025-66554)

Vulnerability from cvelistv5 – Published: 2025-12-05 17:50 – Updated: 2025-12-08 19:51

Title

Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Summary

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
	https://github.com/nextcloud/contacts/pull/4619	x_refsource_MISC
	https://github.com/nextcloud/contacts/commit/d954…	x_refsource_MISC
	https://hackerone.com/reports/3293290	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Affected: >= 7.0.0-alpha.1, < 7.2.5 Affected: >= 6.0.0-alpha1, < 6.0.6 Affected: < 5.5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-08T19:50:53.342639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-08T19:51:03.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0.0-alpha.1, \u003c 7.2.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0-alpha1, \u003c 6.0.6"
            },
            {
              "status": "affected",
              "version": "\u003c 5.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T17:50:59.860Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v78-cpfc-v6h2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v78-cpfc-v6h2"
        },
        {
          "name": "https://github.com/nextcloud/contacts/pull/4619",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/contacts/pull/4619"
        },
        {
          "name": "https://github.com/nextcloud/contacts/commit/d954d098978dde1f121600e8b994e02f293c68b1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/contacts/commit/d954d098978dde1f121600e8b994e02f293c68b1"
        },
        {
          "name": "https://hackerone.com/reports/3293290",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3293290"
        }
      ],
      "source": {
        "advisory": "GHSA-9v78-cpfc-v6h2",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66554",
    "datePublished": "2025-12-05T17:50:59.860Z",
    "dateReserved": "2025-12-04T15:57:22.035Z",
    "dateUpdated": "2025-12-08T19:51:03.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66557 (GCVE-0-2025-66557)

Vulnerability from cvelistv5 – Published: 2025-12-05 17:28 – Updated: 2025-12-08 20:12

Title

Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

Summary

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-284 - Improper Access Control

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
	https://github.com/nextcloud/deck/pull/7131	x_refsource_MISC
	https://github.com/nextcloud/deck/commit/f1da8b30…	x_refsource_MISC
	https://hackerone.com/reports/3247499	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Affected: >= 1.15.0-beta.1, < 1.15.2 Affected: < 1.14.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-08T20:12:37.565515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-08T20:12:45.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.15.0-beta.1, \u003c 1.15.2"
            },
            {
              "status": "affected",
              "version": "\u003c 1.14.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with \"Can share\" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T17:28:48.642Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv"
        },
        {
          "name": "https://github.com/nextcloud/deck/pull/7131",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/deck/pull/7131"
        },
        {
          "name": "https://github.com/nextcloud/deck/commit/f1da8b30a455f02373d44154da04494c949a95ae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/deck/commit/f1da8b30a455f02373d44154da04494c949a95ae"
        },
        {
          "name": "https://hackerone.com/reports/3247499",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/3247499"
        }
      ],
      "source": {
        "advisory": "GHSA-wwr8-hx9g-rjvv",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Deck app allowed user with \"Can share\" permission to modify permissions of other non-owners"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66557",
    "datePublished": "2025-12-05T17:28:48.642Z",
    "dateReserved": "2025-12-04T16:01:32.473Z",
    "dateUpdated": "2025-12-08T20:12:45.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2757

CVE-2025-66558 (GCVE-0-2025-66558)

CVE-2025-66556 (GCVE-0-2025-66556)

CVE-2025-66554 (GCVE-0-2025-66554)

CVE-2025-66557 (GCVE-0-2025-66557)

Tags

Sightings

Nomenclature