CVE-2025-66556

Source
https://cve.org/CVERecord?id=CVE-2025-66556
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66556.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66556
Aliases
  • GHSA-pr9f-vqgg-m2jh
Published
2025-12-05T17:56:44.463Z
Modified
2026-02-16T02:15:46.193814Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Nextcloud Talk allows participants to blindly delete poll drafts of other users by ID
Details

Nextcloud Talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66556.json"
}
References

Affected packages

Git / github.com/nextcloud/spreed

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20.1.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/spreed
Events
Database specific
{
    "versions": [
        {
            "introduced": "21.0.0-beta.1"
        },
        {
            "fixed": "21.1.2"
        }
    ]
}

Affected versions

v1.*
v1.0.21
v1.0.22
v1.1
v1.1.2
v1.2
v10.*
v10.0.0-beta.1
v10.0.0-beta.2
v10.0.0-rc.1
v11.*
v11.0.0-alpha.1
v11.0.0-alpha.2
v11.0.0-alpha.3
v11.0.0-alpha.4
v12.*
v12.0.0-alpha.1
v12.0.0-alpha.2
v12.0.0-alpha.3
v14.*
v14.0.0-beta.1
v14.0.0-rc.1
v15.*
v15.0.0-beta.1
v15.0.0-beta.2
v15.0.0-beta.3
v15.0.0-beta.4
v16.*
v16.0.0-beta.1
v16.0.0-beta.2
v16.0.0-rc.1
v17.*
v17.0.0-beta.1
v17.0.0-beta.2
v17.0.0-beta.3
v17.0.0-rc.1
v18.*
v18.0.0-beta.1
v18.0.0-beta.2
v18.0.0-beta.3
v19.*
v19.0.0-beta.1
v19.0.0-beta.2
v19.0.0-beta.3
v19.0.0-beta.4
v19.0.0-beta.5
v2.*
v2.0.0
v2.9.0
v2.9.1
v20.*
v20.0.0
v20.0.0-beta.1
v20.0.0-beta.2
v20.0.0-beta.3
v20.0.0-rc.1
v20.0.0-rc.2
v20.0.0-rc.3
v20.0.0-rc.4
v20.0.0-rc.5
v20.0.1
v20.1.0
v20.1.0-rc.1
v20.1.0-rc.2
v20.1.0-rc.3
v20.1.1
v20.1.2
v20.1.3
v20.1.4
v20.1.5
v20.1.6
v20.1.7
v21.*
v21.0.0
v21.0.0-beta.1
v21.0.0-beta.2
v21.0.0-rc.1
v21.0.0-rc.2
v21.0.0-rc.3
v21.0.0-rc.4
v21.0.0-rc.5
v21.0.1
v21.0.2
v21.1.0
v21.1.0-rc.1
v21.1.0-rc.2
v21.1.0-rc.3
v21.1.0-rc.4
v21.1.1
v3.*
v3.0.0
v3.0.1
v3.99.10
v3.99.11
v3.99.12
v3.99.8
v4.*
v4.0.0
v4.99.5
v5.*
v5.99.10
v6.*
v6.0.0-rc.1
v6.0.0-rc.2
v7.*
v7.0.0-beta.1
v8.*
v8.0.0
v8.0.0-alpha.1
v8.0.0-alpha.2
v8.0.0-alpha.3
v8.0.0-alpha.4
v8.0.0-alpha.5
v8.0.0-alpha.6
v9.*
v9.0.0-beta.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66556.json"

Git / github.com/nextcloud/talk-android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/talk-android
Events

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66556.json"