CVE-2025-58051

CWE-8412 documents2 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 97.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Security-advisories

Timeline

PublishedOct 16

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5nextcloud/security-advisories>= 0.7.0, < 0.7.6, >= 0.8.0, < 0.8.8, >= 0.9.0, < 0.9.5+2

🔴Vulnerability Details

CVEList

Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table↗2025-10-16

▶