CVE-2025-59716P1MEDIUMCVSS 5.3ExploitedPoC≤ 0.12.42025-11-05
CVE-2025-59716 [MEDIUM] CWE-200 CVE-2025-59716: ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/
ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.
nvd