CVE-2025-58051
MEDIUMNextcloud Tables <0.7.6, 0.8.8, 0.9.5 - Info Disclosure
Title source: llmDescription
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wpp5-4w35-pxq6
Issue Tracking x_refsource_misc
https://github.com/nextcloud/tables/pull/1936
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/3249624
Scores
CVSS v3
6.5
EPSS
0.0001
EPSS Percentile
3.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-841
Status
published
Products (3)
nextcloud/security-advisories
>= 0.7.0, < 0.7.6
nextcloud/security-advisories
>= 0.8.0, < 0.8.8
nextcloud/security-advisories
>= 0.9.0, < 0.9.5
Published
Oct 16, 2025
Tracked Since
Feb 18, 2026