CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another users file into the pending approval without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
GitHub_MCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
nextcloudapproval
1.0.0 ≤
𝑥
< 1.3.1
nextcloudapproval
2.0.0 ≤
𝑥
< 2.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4
https://github.com/nextcloud/approval/pull/334
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5
https://hackerone.com/reports/3338748