CVE-2025-66553

medium

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

References

https://hackerone.com/reports/3138721

https://github.com/nextcloud/tables/pull/1891

https://github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064e

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw

Details

Source: Mitre, NVD

Published: 2025-12-05

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium