CVE-2025-66513
Last modified
CVE-2025-66513 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Tables | >= 0.6.0, < 0.8.9 |
| Nextcloud | Tables | >= 0.9.0, < 0.9.6 |
| Nextcloud | Tables | >= 1.0.0, < 1.0.1 |
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfwPatch, Vendor Advisory
- https://github.com/nextcloud/tables/pull/2148Issue Tracking, Patch
- https://hackerone.com/reports/3334165Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-66513?
How severe is CVE-2025-66513?
How do I fix CVE-2025-66513?
Are you affected by CVE-2025-66513?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST