CVE-2025-66552

CWE-7782 documents2 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 87.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Security-advisories Nextcloud Nextcloud Server

Timeline

PublishedDec 5

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server30.0.0 — 30.0.9+1

▶CVEListV5nextcloud/security-advisories< 31.0.9+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Nextcloud Server admin_audit does not log all actions on files in groupfolders↗2025-12-05

▶