216.73.217.172

CVE-2025-66550

· Published 05/12/2025 17:16 · Modified 10/12/2025 14:13

Labels: CVE-2025-66550 2025-12-05CVE-2025-66550CWE-241[email protected]

Essential information

Published
05/12/2025 17:16
Modified
10/12/2025 14:13
Author
Creator
CVSS
5.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CVSS metrics

Description

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nextcloud / calendar cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*
nextcloud / calendar cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*

References