Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Published

2025-12-05T18:15:57.290

Last Modified

2025-12-09T19:32:45.847

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	tables	< 0.8.9	Yes
Application	nextcloud	tables	< 0.9.6	Yes
Application	nextcloud	tables	< 1.0.1	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw Patch, Vendor Advisory ([email protected])
https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873 Patch ([email protected])
https://github.com/nextcloud/tables/pull/2148 Issue Tracking, Patch ([email protected])
https://hackerone.com/reports/3334165 Issue Tracking, Vendor Advisory ([email protected])