Vulnerability Database

319,561

Total vulnerabilities in the database

CVE-2025-58051

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.

Published: Oct 16, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-58051
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-841

Affected Software
References

No affected software listed.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wpp5-4w35-pxq6
https://github.com/nextcloud/tables/pull/1936
https://hackerone.com/reports/3249624

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo