CVE-2025-66515 (GCVE-0-2025-66515)
Vulnerability from cvelistv5
Published
2025-12-05 17:37
Modified
2025-12-05 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Version: >= 2.0.0, < 2.5.0 Version: < 1.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:03:48.806874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:10:00.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.5.0"
},
{
"status": "affected",
"version": "\u003c 1.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user\u2019s file into the \u201cpending approval\u201d without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:37:06.767Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5"
},
{
"name": "https://github.com/nextcloud/approval/pull/334",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/approval/pull/334"
},
{
"name": "https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4"
},
{
"name": "https://hackerone.com/reports/3338748",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3338748"
}
],
"source": {
"advisory": "GHSA-q26g-fmjq-x5g5",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Approval app allows users to request approval for other users file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66515",
"datePublished": "2025-12-05T17:37:06.767Z",
"dateReserved": "2025-12-03T15:28:02.992Z",
"dateUpdated": "2025-12-05T18:10:00.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66515\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-05T18:15:57.623\",\"lastModified\":\"2025-12-05T18:15:57.623\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user\u2019s file into the \u201cpending approval\u201d without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nextcloud/approval/pull/334\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://hackerone.com/reports/3338748\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66515\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-05T18:03:48.806874Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-05T18:09:54.033Z\"}}], \"cna\": {\"title\": \"Nextcloud Approval app allows users to request approval for other users file\", \"source\": {\"advisory\": \"GHSA-q26g-fmjq-x5g5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"nextcloud\", \"product\": \"security-advisories\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.5.0\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.3.1\"}]}], \"references\": [{\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5\", \"name\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q26g-fmjq-x5g5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nextcloud/approval/pull/334\", \"name\": \"https://github.com/nextcloud/approval/pull/334\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4\", \"name\": \"https://github.com/nextcloud/approval/commit/e30b56b7832255311ac800b7875f44866e88fff4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/3338748\", \"name\": \"https://hackerone.com/reports/3338748\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user\\u2019s file into the \\u201cpending approval\\u201d without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-05T17:37:06.767Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66515\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-05T18:10:00.615Z\", \"dateReserved\": \"2025-12-03T15:28:02.992Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-05T17:37:06.767Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…