CVE-2025-59716

EPSS 0.03%
Veröffentlicht 05.11.2025 00:00:00
Zuletzt bearbeitet 06.11.2025 19:45:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://github.com/owncloud/guests

https://yeswehack.com/reports/411806

https://marketplace.owncloud.com/apps/guests

https://gist.github.com/thesmartshadow/64ae0449e909174d0479a4f23657147f

https://nvd.nist.gov/vuln/detail/CVE-2025-59716

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59716

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59716

EUVD