CNNVD-202512-665 Information

CNNVD ID

CNNVD-202512-665

Related CVE

CVE-2025-66512

• CNNVD Published: 2025-12-05

Description (Chinese)

Nextcloud Server是Nextcloud开源的一个Nextcloud服务器程序。 Nextcloud Server 31.0.12之前版本和32.0.3之前版本存在安全漏洞，该漏洞源于清理不足，可能导致内容安全策略被绕过。

Description (English)

Nextcloud Server is a Nextcloud server that is an open source for Nextcloud. Nextcloud Server 31.0.12 and 32.0.3 had a security loophole, which stemmed from inadequate clean-up and could lead to the circumvention of content security strategies.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Nextcloud

Published

2025-12-05

Last Modified

2026-02-24

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5 https://github.com/nextcloud/viewer/pull/3023 https://hackerone.com/reports/3357808 https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63 https://vigilance.fr/vulnerability/Nextcloud-Server-Cross-Site-Scripting-via-SVG-Images-49001

Patch

https://nextcloud.com/install/#instructions-server