CVE-2025-47792
- Source
- https://cve.org/CVERecord?id=CVE-2025-47792
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47792.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-47792
- Aliases
-
- GHSA-qm2f-959g-7p65
- Downstream
- Published
- 2025-05-16T14:13:53.209Z
- Modified
- 2026-04-10T05:27:35.689520Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Nextcloud Desktop 3rdparty applications can create share links via socket API
- Details
-
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47792.json", "cwe_ids": [ "CWE-284" ] }- References
-
- https://hackerone.com/reports/1995856
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47792.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65
- https://nvd.nist.gov/vuln/detail/CVE-2025-47792
- https://github.com/nextcloud/desktop/pull/7517
Affected packages
Git / github.com/nextcloud/desktop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/desktop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.2
v1.*
v1.1.0
v1.1.0-beta1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.4.0
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.5.0
v1.5.0-beta1
v1.5.0-beta1-2nd
v1.5.0-beta2
v1.5.0-beta3
v1.5.1-rc1
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.8.0-beta1
v1.8.0-beta1a
v2.*
v2.5.0
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-rc1
v2.5.0-rc2
v2.5.1
v2.5.2
v2.5.2-rc1
v2.5.3-rc1
v2.5.3-rc2
v2.7.0-beta1
v2.7.0-beta2
v2.7.0-beta3
v2.7.0-rc1
v3.*
v3.1.0
v3.1.0-rc1
v3.1.0-rc2
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.3.0
v3.3.0-rc1
v3.3.0-rc2
v3.4.0-do-not-use
v3.4.0-rc1
v3.4.0-rc2
v3.5.0
v3.5.0-rc1
v3.5.0-rc2
v3.5.0-rc3
v3.5.0-rc4
v3.6.0
v3.6.0-rc1
v3.6.0-rc2