Nextcloud Group Folders vulnerabilities

CVE-2025-66545 [LOW] CWE-707 CVE-2025-66545: Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prio Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2.

CVE-2025-47793 [MEDIUM] CWE-770 CVE-2025-47793: Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the

CVE-2020-8153 [HIGH] CWE-284 CVE-2020-8153: Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when ren Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.