CVE-2025-47794

CWE-284Improper Access Control2 documents2 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 78.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Nextcloud ServerNextcloud Security-advisories
Timeline
PublishedMay 16

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server26.0.026.0.13.13+5
CVEListV5nextcloud/security-advisories6 versions+5

🔴Vulnerability Details

1
CVEList
Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission2025-05-16
CVE-2025-47794 (MEDIUM CVSS 4.3) | Nextcloud Server is a self hosted p | cvebase.io