CVE-2025-47792

Sažetak

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Reference

https://github.com/nextcloud/desktop/pull/7517
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65
https://hackerone.com/reports/1995856

CVSS

Base:	5.0
Impact:	4.2
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

19-05-2025 - 13:35

Objavljeno

16-05-2025 - 15:15