4.9
CVE-2025-66510
- EPSS 0.03%
- Veröffentlicht 05.12.2025 16:18:53
- Zuletzt bearbeitet 10.12.2025 16:12:34
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 28.0.0 < 28.0.14.11
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 29.0.0 < 29.0.16.8
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 30.0.0 < 30.0.17.3
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 31.0.0 < 31.0.10
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 31.0.0 < 31.0.10
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 32.0.0 < 32.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.077 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 4.5 | 0.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.