{“lastseen”:””,”description”:”Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.”,”published”:”2025-12-05T16:18:53.699Z”,”modified”:”2025-12-05T20:02:53.678Z”,”type”:”cve”,”title”:”Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyond their contact list”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/nextcloud\/security-advisories\/security\/advisories\/GHSA-495w-cqv6-wr59\\nhttps:\/\/github.com\/nextcloud\/server\/pull\/55657\\nhttps:\/\/github.com\/nextcloud\/server\/commit\/e4866860cbf24a746eb8a125587262a4c8831c57″,”id”:”CVE-2025-66510″,”bulletinFamily”:””,”cwe”:[“CWE-359″],”cvelist”:null,”sourceData”:”nextcloud security-advisories \\u003e= 32.0.0beta1, \\u003c 32.0.1\\nnextcloud security-advisories \\u003c 31.0.10″,”sourceHref”:””,”cvss”:{“score”:4.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”security-advisories”,”version”:”\\u003e= 32.0.0beta1, \\u003c 32.0.1″,”vendor”:”nextcloud”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,139,12,21,13,7,11,5],"class_list":["post-28979","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-45","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n