CVE-2025-59716
Published 2025-11-05
Priority: P181 · medium · 5.3 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.85% (53.5th percentile)
ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | guests | <= 0.12.4 | — |
Detection & IOCs (extracted from sources)
- Send a GET request to /apps/guests/register/<email>/invalid-token-12345 unauthenticated; a response body containing 'No such guest user' alongside 'ownCloud' with HTTP 200 indicates the email does NOT correspond to a valid pending guest. Differing responses reveal valid guest accounts (user enumeration via differential response).
- Monitor for unauthenticated GET requests to the pattern /apps/guests/register/* on ownCloud instances; high-frequency requests to this endpoint from a single source indicate automated guest-user enumeration.
- Shodan/FOFA exposure query: hunt for internet-facing ownCloud instances (http.title:"ownCloud" / title="ownCloud") as likely targets for this unauthenticated enumeration attack.
- The vulnerability only affects ownCloud Guests versions before 0.12.5; instances already updated to 0.12.5 or later are not affected.
- The differential response (presence of 'No such guest user' vs. a different response) is the sole distinguishing signal; detection logic must account for both the response body content AND the HTTP status code (200) together to avoid false positives.
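The monitoring advice above (watch for bursts of unauthenticated GET requests to /apps/guests/register/* from one source) can be turned into a small log-side detector. The following is an added example written for this page, not code from ownCloud, VulnCheck or any of the indexed sources. It assumes the web server writes combined/common-format access logs (authuser field `-` for unauthenticated requests), and the thresholds (10 hits in 5 minutes, or 5 distinct addresses probed) and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Combined/common access-log line: host ident authuser [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)
# Path shape of the affected endpoint: /apps/guests/register/{email}/{token}
REGISTER_RE = re.compile(r'^/apps/guests/register/(?P<email>[^/?]+)/(?P<token>[^/?]+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_register_hit(line):
    """Return (src, timestamp, email) for an unauthenticated GET to the register
    endpoint, or None for anything else (other paths, other methods, unparseable lines)."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET" or m["user"] != "-":
        return None
    r = REGISTER_RE.match(m["path"])
    if not r:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    return m["src"], ts, unquote(r["email"]).lower()


def find_enumeration(lines, window=timedelta(minutes=5), min_requests=10, min_emails=5):
    """Group register hits per source and flag sources whose burst rate or breadth of
    probed addresses looks like automated guest-user enumeration (thresholds are assumptions).
    Returns {src: {"max_in_window": n, "distinct_emails": k, "emails": [...]}}."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_register_hit(line)
        if parsed:
            src, ts, email = parsed
            hits[src].append((ts, email))

    flagged = {}
    for src, events in hits.items():
        events.sort()
        # Sliding window over timestamps: largest number of hits inside any `window`.
        max_in_window, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            max_in_window = max(max_in_window, end - start + 1)
        emails = sorted({e for _, e in events})
        if max_in_window >= min_requests or len(emails) >= min_emails:
            flagged[src] = {"max_in_window": max_in_window,
                            "distinct_emails": len(emails), "emails": emails}
    return flagged


def _line(src, second, path, user="-", method="GET", status=200):
    # Helper to build a constructed combined-format log line.
    return (f'{src} - {user} [05/Nov/2025:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')


# Constructed sample log: one source sweeps twelve addresses in twelve seconds with a junk
# token; another source makes a single plausible visit; an authenticated user browses files.
SAMPLE_LOG = [
    _line("203.0.113.7", i, f"/apps/guests/register/user{i}%40example.org/invalid-token-12345")
    for i in range(12)
] + [
    _line("198.51.100.4", 30, "/apps/guests/register/jane%40example.org/abcdef0123456789"),
    _line("198.51.100.4", 31, "/apps/guests/register/jane%40example.org/abcdef0123456789",
          method="POST"),
    _line("192.0.2.9", 40, "/index.php/apps/files/", user="alice"),
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for src, info in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: {info['max_in_window']} hits in window, "
              f"{info['distinct_emails']} distinct addresses probed")
```

Only the sweeping source is reported; the single GET from 198.51.100.4 stays under both thresholds, and the POST and the authenticated file request never count as register hits. In production the same two signals (burst rate and number of distinct addresses per source) map directly onto a SIEM aggregation over the path prefix.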
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck · 5.3 MEDIUM
GHSA
GHSA-967j-jc6x-3jm4: ownCloud Guests before 0
ghsa_unreviewed · 2025-11-05 · CVE-2025-59716 [MEDIUM] · CWE-200
VulnCheck
owncloud guests Exposure of Sensitive Information to an Unauthorized Actor
vulncheck · 2025 · CVSS 5.3 · CVE-2025-59716 [MEDIUM]
Affected: owncloud guests
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2025-59716
No detection rules found.
Nuclei
ownCloud Guests - User Enumeration
nuclei · CVSS 5.3 · CVE-2025-59716 [MEDIUM]
ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/{email}/{token}, letting unauthenticated attackers enumerate valid guest users; exploitation requires no authentication.
Template:
```yaml
id: CVE-2025-59716

info:
  name: ownCloud Guests - User Enumeration
  author: DhiyaneshDk
  severity: medium
  description: |
    ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/{email}/{token}, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can
```
No writeups or analysis indexed.