CVE-2023-25817
published 2023-03-27


Priority: P3 44 | high | 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.56% (42.6th percentile)
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9, a user could escalate their permissions to delete files that they were only supposed to be able to view or download, not delete. This issue has been addressed, and it is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability.

Affected

2 ranges
Vendor     Product              Version range         Fixed in
nextcloud  nextcloud_server     >= 24.0.0 < 24.0.9    24.0.9
nextcloud  security-advisories