CVE-2025-47794

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

CVSS v3 2.6 LOW

2.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq	Vendor Advisory
https://github.com/nextcloud/server/pull/51194	Issue Tracking
https://hackerone.com/reports/1960647	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

No history.

Information

Published : 2025-05-16 15:15

Updated : 2025-09-30 19:37

NVD link : CVE-2025-47794

Mitre link : CVE-2025-47794

CVE.ORG link : CVE-2025-47794

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2025-47794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-05-16T15:15:48.213", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/nextcloud/server/pull/51194", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://hackerone.com/reports/1960647", "tags": ["Permissions Required"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available."}, {"lang": "es", "value": "Nextcloud Server es un sistema de nube personal autoalojado. En Nextcloud Server anteriores a las versiones 29.0.13, 30.0.7 y 31.0.1, y en Nextcloud Enterprise Server anteriores a las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1, un atacante en un sistema multiusuario podr\u00eda leer archivos temporales de Nextcloud con una cuenta de usuario diferente o ejecutar un ataque de enlace simb\u00f3lico. Las versiones 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server y las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server solucionan el problema. No se conocen workarounds disponibles."}], "lastModified": "2025-09-30T19:37:40.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A19CDEA0-5A9C-4FC7-96EA-86C5B92FC878", "versionEndExcluding": "26.0.13.13", "versionStartIncluding": "26.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "007088B7-28CC-485B-AA3B-BB1557AA4C46", "versionEndExcluding": "27.1.11.13", "versionStartIncluding": "27.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "28B82423-C680-4F16-8115-035209CD8B49", "versionEndExcluding": "28.0.14.4", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1690D3BB-8E12-4E59-BC20-C0324D5A0512", "versionEndExcluding": "29.0.13", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F37D15F4-E32F-4E51-8AB7-89C2D78CFB4A", "versionEndExcluding": "29.0.13", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "81570AC8-0168-4AB6-BE17-1830CC019A6B", "versionEndExcluding": "30.0.7", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "310DE665-C910-4899-84F6-566E52EC4515", "versionEndExcluding": "30.0.7", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D8631F6B-EED4-4B47-84C3-7BC63464AC15", "versionEndExcluding": "31.0.1", "versionStartIncluding": "31.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "52B7D78F-BCCC-4178-BB21-AB9587D11386", "versionEndExcluding": "31.0.1", "versionStartIncluding": "31.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}