UBUNTU-CVE-2025-66549

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-66549

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66549.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-66549

Upstream

CVE-2025-66549

Published

2025-12-05T18:15:00Z

Modified

2026-01-20T18:42:02.720583Z

Severity

2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

References

Affected packages

Ubuntu:20.04:LTS / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/ubuntu/nextcloud-desktop@2.6.2-1build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.3-1

2.6.0-1

2.6.1-1

2.6.1-2

2.6.2-1

2.6.2-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "caja-nextcloud"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "dolphin-nextcloud"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "libnextcloudsync-dev"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "libnextcloudsync0"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nautilus-nextcloud"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nemo-nextcloud"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nextcloud-desktop"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nextcloud-desktop-cmd"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nextcloud-desktop-common"
        },
        {
            "binary_version": "2.6.2-1build1",
            "binary_name": "nextcloud-desktop-l10n"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66549.json"

Ubuntu:22.04:LTS / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/ubuntu/nextcloud-desktop@3.4.2-1ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.3-0ubuntu1

3.3.5-1

3.3.5-1ubuntu1

3.4.2-1

3.4.2-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "caja-nextcloud"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "dolphin-nextcloud"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "libnextcloudsync-dev"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "libnextcloudsync0"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nautilus-nextcloud"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nemo-nextcloud"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nextcloud-desktop"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nextcloud-desktop-cmd"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nextcloud-desktop-common"
        },
        {
            "binary_version": "3.4.2-1ubuntu1",
            "binary_name": "nextcloud-desktop-l10n"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66549.json"

Ubuntu:24.04:LTS / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/ubuntu/nextcloud-desktop@3.11.0-1.1build4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.0-1

3.10.0-1

3.11.0-1

3.11.0-1.1build3

3.11.0-1.1build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "caja-nextcloud"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "dolphin-nextcloud"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "libnextcloudsync-dev"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "libnextcloudsync0t64"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nautilus-nextcloud"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nemo-nextcloud"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nextcloud-desktop"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nextcloud-desktop-cmd"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nextcloud-desktop-common"
        },
        {
            "binary_version": "3.11.0-1.1build4",
            "binary_name": "nextcloud-desktop-l10n"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66549.json"