Nextcloud Tables app share information not limited to relevant users

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Basic Information

ID CVE-2025-66513

Source GitHub_M

Published Dec 5, 2025 at 17:11

Modified Dec 5, 2025 at 18:46

Affected Product

Vendor nextcloud

Product security-advisories

Version >= 1.0.0-beta.1, < 1.0.1

Affected Versions nextcloud security-advisories >= 1.0.0-beta.1, < 1.0.1
nextcloud security-advisories >= 0.9.0-beta.1, < 0.9.6
nextcloud security-advisories < 0.8.9

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.",
    "published": "2025-12-05T17:11:19.774Z",
    "modified": "2025-12-05T18:46:33.645Z",
    "type": "cve",
    "title": "Nextcloud Tables app share information not limited to relevant users",
    "source": "GitHub_M",
    "references": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw\nhttps://github.com/nextcloud/tables/pull/2148\nhttps://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873\nhttps://hackerone.com/reports/3334165",
    "id": "CVE-2025-66513",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "nextcloud security-advisories >= 1.0.0-beta.1, < 1.0.1\nnextcloud security-advisories >= 0.9.0-beta.1, < 0.9.6\nnextcloud security-advisories < 0.8.9",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-advisories",
    "version": ">= 1.0.0-beta.1, < 1.0.1",
    "vendor": "nextcloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nextcloud Tables app share information not limited to relevant users_CVE-2025-66513