CVE-2025-66515

EUVD-2025-201457
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
GitHub_MCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
nextcloudapproval
1.0.0 ≤
𝑥
< 1.3.1
nextcloudapproval
2.0.0 ≤
𝑥
< 2.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4
https://github.com/nextcloud/approval/pull/334
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5
https://hackerone.com/reports/3338748