CVE-2025-47791
MEDIUMNextcloud Server < 28.0.13, 29.0.10, 30.0.3 - Server-Side Request Forgery via Share Recipient Verification Endpoint
Title source: llmDescription
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37
Patch x_refsource_misc
https://github.com/nextcloud/server/pull/49558
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
40.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
nextcloud/nextcloud_server
28.0.0 - 28.0.13 (2 CPE variants)
Published
May 16, 2025
Tracked Since
Feb 18, 2026