CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw	Patch Vendor Advisory
https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873	Patch
https://github.com/nextcloud/tables/pull/2148	Issue Tracking Patch
https://hackerone.com/reports/3334165	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:tables::::::nextcloud::*
	cpe:2.3:a:nextcloud:tables::::::nextcloud::*
	cpe:2.3:a:nextcloud:tables::::::nextcloud::*

History

09 Dec 2025, 19:32

Type	Values Removed	Values Added
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw -~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw - Patch, Vendor Advisory
References	~~() https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873 -~~	() https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873 - Patch
References	~~() https://github.com/nextcloud/tables/pull/2148 -~~	() https://github.com/nextcloud/tables/pull/2148 - Issue Tracking, Patch
References	~~() https://hackerone.com/reports/3334165 -~~	() https://hackerone.com/reports/3334165 - Issue Tracking, Vendor Advisory
First Time		Nextcloud Nextcloud tables
CPE		cpe:2.3:a:nextcloud:tables::::::nextcloud::*

05 Dec 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-05 18:15

Updated : 2025-12-09 19:32

NVD link : CVE-2025-66513

Mitre link : CVE-2025-66513

CVE.ORG link : CVE-2025-66513

JSON object : View

Products Affected

nextcloud

tables

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-66513", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-12-05T18:15:57.290", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/pull/2148", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/3334165", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1."}], "lastModified": "2025-12-09T19:32:45.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "660CDECE-2C04-490D-B390-8A8764174EF8", "versionEndExcluding": "0.8.9", "versionStartIncluding": "0.6.0"}, {"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "3F92B80C-0013-4D20-8169-5768D304E90C", "versionEndExcluding": "0.9.6", "versionStartIncluding": "0.9.0"}, {"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "AAC1DF9A-DBB3-41A0-B346-6791477C6EC2", "versionEndExcluding": "1.0.1", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}