CVE-2025-47794

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

CVSS v3 2.6 LOW

2.6^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq	Vendor Advisory
https://github.com/nextcloud/server/pull/51194	Issue Tracking
https://hackerone.com/reports/1960647	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

30 Sep 2025, 19:37

Type	Values Removed	Values Added
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq -~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq - Vendor Advisory
References	~~() https://github.com/nextcloud/server/pull/51194 -~~	() https://github.com/nextcloud/server/pull/51194 - Issue Tracking
References	~~() https://hackerone.com/reports/1960647 -~~	() https://hackerone.com/reports/1960647 - Permissions Required
CPE		cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::* cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
First Time		Nextcloud nextcloud Server Nextcloud
CWE		NVD-CWE-noinfo

19 May 2025, 13:35

Type	Values Removed	Values Added
Summary		(es) Nextcloud Server es un sistema de nube personal autoalojado. En Nextcloud Server anteriores a las versiones 29.0.13, 30.0.7 y 31.0.1, y en Nextcloud Enterprise Server anteriores a las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1, un atacante en un sistema multiusuario podría leer archivos temporales de Nextcloud con una cuenta de usuario diferente o ejecutar un ataque de enlace simbólico. Las versiones 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server y las versiones 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7 y 31.0.1 de Nextcloud Server solucionan el problema. No se conocen workarounds disponibles.

16 May 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-16 15:15

Updated : 2025-09-30 19:37

NVD link : CVE-2025-47794

Mitre link : CVE-2025-47794

CVE.ORG link : CVE-2025-47794

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

2.6 /10