6.5
CVE-2025-66511
- EPSS 0.02%
- Veröffentlicht 05.12.2025 16:42:30
- Zuletzt bearbeitet 10.12.2025 16:14:27
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Nextcloud Calendar app used predictable proposal participant tokens
Calendar app used predictable proposal participant tokens
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The tokens are not purely random generated. This vulnerability is fixed in 6.0.3.
Mögliche Gegenmaßnahme
Calendar: * Disable Calendar app
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Calendar
Version
>= 6.0.0, < 6.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.067 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| security-advisories@github.com | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.