CVE-2025-66513

Sažetak

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw
https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873
https://github.com/nextcloud/tables/pull/2148
https://hackerone.com/reports/3334165

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

09-12-2025 - 19:32

Objavljeno

05-12-2025 - 18:15