CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw	Patch Vendor Advisory
https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e	Patch
https://github.com/nextcloud/tables/pull/1891	Issue Tracking
https://hackerone.com/reports/3138721	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:tables::::::nextcloud::*
	cpe:2.3:a:nextcloud:tables::::::nextcloud::*

History

No history.

Information

Published : 2025-12-05 18:15

Updated : 2025-12-09 17:03

NVD link : CVE-2025-66553

Mitre link : CVE-2025-66553

CVE.ORG link : CVE-2025-66553

JSON object : View

Products Affected

nextcloud

tables

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-66553", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-12-05T18:15:58.460", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/tables/pull/1891", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/3138721", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4."}], "lastModified": "2025-12-09T17:03:18.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "8F6FEA34-55C6-4BE2-9B0A-A4A7B6A9AD2C", "versionEndExcluding": "0.8.7", "versionStartIncluding": "0.8.0"}, {"criteria": "cpe:2.3:a:nextcloud:tables:*:*:*:*:*:nextcloud:*:*", "vulnerable": true, "matchCriteriaId": "8E73963A-16FC-4C82-90C9-E275535CEA5B", "versionEndExcluding": "0.9.4", "versionStartIncluding": "0.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}