CVE-2025-66547 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
GitHub_M	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Vulnerability Media Exposure

[GERMAN] Nextcloud: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um Dateien zu manipulieren, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, und um falsche Informationen darzustellen.
Published: 2025-12-04T23:00:00+00:00

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2

https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9

https://github.com/nextcloud/server/issues/51247

https://github.com/nextcloud/server/pull/51288

https://hackerone.com/reports/3040887