Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Published

2025-12-05T18:15:58.803

Last Modified

2025-12-09T16:52:34.963

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	talk	< 20.1.8	Yes
Application	nextcloud	talk	< 21.1.2	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh Patch, Vendor Advisory ([email protected])
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725 Patch ([email protected])
https://github.com/nextcloud/spreed/pull/15532 Issue Tracking, Patch ([email protected])
https://hackerone.com/reports/3247386 Issue Tracking, Vendor Advisory ([email protected])