Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2025-47792

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Published: May 16, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-47792
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
nextcloud / desktop	-	3.15.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo