CVE-2025-47792

EPSS 0.01%
Veröffentlicht 16.05.2025 14:13:53
Zuletzt bearbeitet 08.09.2025 21:22:39
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Desktop Version < 3.15.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
security-advisories@github.com	5	0.8	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65

Third Party Advisory

https://github.com/nextcloud/desktop/pull/7517

Patch

https://hackerone.com/reports/1995856

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-47792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47792

EUVD