CVE-2025-66553
- Source
- https://cve.org/CVERecord?id=CVE-2025-66553
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66553.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66553
- Aliases
-
- GHSA-p53h-6294-crjw
- Published
- 2025-12-05T17:18:09.776Z
- Modified
- 2026-04-10T05:34:27.047296Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Nextcloud Tables app allowed users to view columns metadata information of any table
- Details
-
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
- Database specific
{ "cwe_ids": [ "CWE-639" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66553.json" }- References
-
- https://hackerone.com/reports/3138721
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66553.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw
- https://nvd.nist.gov/vuln/detail/CVE-2025-66553
- https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e
- https://github.com/nextcloud/tables/pull/1891
Affected packages
Git / github.com/nextcloud/tables
Affected ranges
Affected versions
v0.*
v0.2.2rc1
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.6.0-beta.1
v0.6.0-beta.2
v0.6.0-beta.3
v0.6.0-beta.4
v0.7.0
v0.7.0-beta.1
v0.7.0-beta.2
v0.7.0-beta.3
v0.8.0-beta.1
v0.8.0-beta.2
v0.8.0-beta.3
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.0-beta.1
v0.9.0-beta.2
v0.9.1
v0.9.2
v0.9.3