CVE-2025-66547
- Source
- https://cve.org/CVERecord?id=CVE-2025-66547
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66547.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66547
- Aliases
-
- GHSA-hq6c-r898-fgf2
- Published
- 2025-12-05T16:32:17.359Z
- Modified
- 2026-04-02T13:02:21.622144Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Nextcloud Server users can modify tags on files that do not belong to them
- Details
-
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
- Database specific
{ "cwe_ids": [ "CWE-639" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66547.json", "cna_assigner": "GitHub_M" }- References
-
- https://hackerone.com/reports/3040887
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66547.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2
- https://nvd.nist.gov/vuln/detail/CVE-2025-66547
- https://github.com/nextcloud/server/issues/51247
- https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9
- https://github.com/nextcloud/server/pull/51288