cbcvebase.
CVE-2025-66546
published 2025-12-05

Priority: P4 · 11 · low · 3.3 · CVSS 3.1
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.12% (2.0th percentile)
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | calendar | | |
| nextcloud | calendar | >= 4.0.0 < 4.7.19 | 4.7.19 |
| nextcloud | calendar | >= 5.0.0 < 5.5.6 | 5.5.6 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |