CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh	Patch Vendor Advisory
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725	Patch
https://github.com/nextcloud/spreed/pull/15532	Issue Tracking Patch
https://hackerone.com/reports/3247386	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:talk::::::::
	cpe:2.3:a:nextcloud:talk::::::::

History

09 Dec 2025, 16:52

Type	Values Removed	Values Added
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh -~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh - Patch, Vendor Advisory
References	~~() https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725 -~~	() https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725 - Patch
References	~~() https://github.com/nextcloud/spreed/pull/15532 -~~	() https://github.com/nextcloud/spreed/pull/15532 - Issue Tracking, Patch
References	~~() https://hackerone.com/reports/3247386 -~~	() https://hackerone.com/reports/3247386 - Issue Tracking, Vendor Advisory
First Time		Nextcloud talk Nextcloud
CPE		cpe:2.3:a:nextcloud:talk::::::::

05 Dec 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-05 18:15

Updated : 2025-12-09 16:52

NVD link : CVE-2025-66556

Mitre link : CVE-2025-66556

CVE.ORG link : CVE-2025-66556

JSON object : View

Products Affected

nextcloud

talk

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-66556", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-12-05T18:15:58.803", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/spreed/pull/15532", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/3247386", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2."}], "lastModified": "2025-12-09T16:52:34.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D5909D1-F39C-4C41-906C-2D2A7C830F0A", "versionEndExcluding": "20.1.8", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E99EC0-4563-4497-A72C-52C97089F7E1", "versionEndExcluding": "21.1.2", "versionStartIncluding": "21.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}