CNNVD-202512-2333 Information

CNNVD ID

CNNVD-202512-2333

Related CVE

CVE-2025-64011

• CNNVD Published: 2025-12-12

Description (Chinese)

Nextcloud Server是Nextcloud开源的一个Nextcloud服务器程序。 Nextcloud Server 30.0.0版本存在安全漏洞，该漏洞源于/core/preview端点存在不安全的直接对象引用，可能导致未授权访问敏感数据。

Description (English)

Nextcloud Server is a Nextcloud server that is an open source for Nextcloud. There is a security loophole in Nextcloud Server 30.0.0, which stems from the presence of unsafe direct-object references at the /core/preview endpoint, which may lead to unauthorized access to sensitive data.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Nextcloud

Published

2025-12-12

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090 https://nextcloud.com