Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

Published

2025-12-05T18:15:58.460

Last Modified

2025-12-09T17:03:18.813

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	tables	< 0.8.7	Yes
Application	nextcloud	tables	< 0.9.4	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw Patch, Vendor Advisory ([email protected])
https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e Patch ([email protected])
https://github.com/nextcloud/tables/pull/1891 Issue Tracking ([email protected])
https://hackerone.com/reports/3138721 Issue Tracking, Vendor Advisory ([email protected])