CVE-2025-66515

LOW

Nextcloud Approval <1.3.1, 2.5.0 - Privilege Escalation

Title source: llm

Description

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

References (4)

[Patch, Vendor Advisory] https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5

[Issue Tracking] https://github.com/nextcloud/approval/pull/334

[Patch] https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4

View Patch ZIP pw:eip

[Issue Tracking, Vendor Advisory] https://hackerone.com/reports/3338748

Scores

CVSS v3 2.7

EPSS 0.0002

EPSS Percentile 6.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

nextcloud/approval 1.0.0 - 1.3.1

Published Dec 05, 2025

Tracked Since Feb 18, 2026