CVE-2025-66556

low

Description

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

References

https://hackerone.com/reports/3247386

https://github.com/nextcloud/spreed/pull/15532

https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh

Details

Source: Mitre, NVD

Published: 2025-12-05

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Severity: Low