216.73.217.64

CVE-2025-66512

· Published 05/12/2025 17:16 · Modified 09/12/2025 16:38

Labels: CVE-2025-66512 2025-12-05CVE-2025-66512CWE-79CWE-80[email protected]

Essential information

Published
05/12/2025 17:16
Modified
09/12/2025 16:38
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVSS metrics

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nextcloud / nextcloud server cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
nextcloud / nextcloud server cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
nextcloud / nextcloud server cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
nextcloud / nextcloud server cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

References