CVE-2025-66545
LOW
Nextcloud <14.0.11, <15.3.12, <16.0.15, <17.0.14, <18.1.8, <19.1.8,...
Title source: llm
Description
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2.
References (4)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m
Issue Tracking x_refsource_misc
https://github.com/nextcloud/groupfolders/issues/4041
Issue Tracking, Patch x_refsource_misc
https://github.com/nextcloud/groupfolders/pull/4076
Scores
CVSS v3
3.5
EPSS
0.0023
EPSS Percentile
13.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-707
Status
published
Products (1)
nextcloud/group_folders
< 14.0.11
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026