CVE-2025-58051

Summary

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 0.7.0, < 0.7.6affected
nextcloudsecurity-advisories>= 0.8.0, < 0.8.8affected
nextcloudsecurity-advisories>= 0.9.0, < 0.9.5affected

Weaknesses

  • CWE-841: CWE-841: Improper Enforcement of Behavioral Workflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References