CVE-2025-66551 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
GitHub_M	CNA	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Vulnerability Media Exposure

[GERMAN] Nextcloud: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Nextcloud ausnutzen, um Dateien zu manipulieren, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, und um falsche Informationen darzustellen.
Published: 2025-12-04T23:00:00+00:00

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7

https://github.com/nextcloud/tables/commit/39f24a62fb41fd7a8bda65325f8bbafdc91c731c

https://github.com/nextcloud/tables/pull/1810

https://hackerone.com/reports/3137895