216.73.217.64

CVE-2025-66548

· Published 05/12/2025 18:15 · Modified 09/12/2025 19:01

Labels: CVE-2025-66548 2025-12-05CVE-2025-66548CWE-116[email protected]

Essential information

Published
05/12/2025 18:15
Modified
09/12/2025 19:01
Author
Creator
CVSS
3.3 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nextcloud / deck cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
nextcloud / deck cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
nextcloud / deck cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

References