CVE-2025-66551

Summary

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 0.9.0-beta.1, < 0.9.3affected
nextcloudsecurity-advisories< 0.8.6affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References