CNNVD-202512-654 Information

CNNVD ID

CNNVD-202512-654

CVE-2025-66515

  • CNNVD Published: 2025-12-05

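Description (translated from Chinese)

Nextcloud is an open-source, self-hosted file synchronization and sharing communication application platform from Nextcloud, a German company. Nextcloud has an authorization issue vulnerability, which stems from the fact that a requester can set another person's file to pending approval status, which may lead to a permission bypass.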

Description (English)

Nextcloud is an open-source, self-hosted file synchronization and sharing communication platform from Nextcloud, a German company. Nextcloud had an authorization vulnerability, which stemmed from the fact that a requester could set another person's file to pending approval, which could lead to a permission bypass.

Hazard Level

Critical

Vulnerability Type

Authorization issue

Affected Vendor

Nextcloud

Published

2025-12-05

Last Modified

2026-02-24

References

  • https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4
  • https://github.com/nextcloud/approval/pull/334
  • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5
  • https://hackerone.com/reports/3338748

Patch

https://apps.nextcloud.com/apps/approval
