4.3

CVE-2025-47794

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

Data provided by the National Vulnerability Database (NVD)

| Vendor | Product | SwEdition | Version |
|---|---|---|---|
| Nextcloud | Nextcloud Server | enterprise | >= 26.0.0 < 26.0.13.13 |
| Nextcloud | Nextcloud Server | enterprise | >= 27.0.0 < 27.1.11.13 |
| Nextcloud | Nextcloud Server | enterprise | >= 28.0.0 < 28.0.14.4 |
| Nextcloud | Nextcloud Server | - | >= 29.0.0 < 29.0.13 |
| Nextcloud | Nextcloud Server | enterprise | >= 29.0.0 < 29.0.13 |
| Nextcloud | Nextcloud Server | - | >= 30.0.0 < 30.0.7 |
| Nextcloud | Nextcloud Server | enterprise | >= 30.0.0 < 30.0.7 |
| Nextcloud | Nextcloud Server | - | >= 31.0.0 < 31.0.1 |
| Nextcloud | Nextcloud Server | enterprise | >= 31.0.0 < 31.0.1 |
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.063 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| security-advisories@github.com | 2.6 | 1.2 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.