CVE-2025-66513
MEDIUMNextcloud Tables <0.8.9, <0.9.6, <1.0.1 - Info Disclosure
Title source: llmDescription
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw
Issue Tracking, Patch x_refsource_misc
https://github.com/nextcloud/tables/pull/2148
Patch x_refsource_misc
https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873
Issue Tracking, Vendor Advisory x_refsource_misc
https://hackerone.com/reports/3334165
Scores
CVSS v3
4.3
EPSS
0.0002
EPSS Percentile
6.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (1)
nextcloud/tables
0.6.0 - 0.8.9
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026