Vulnerability Database

310,469

Total vulnerabilities in the database

CVE-2025-66513

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Published: Dec 5, 2025
Updated: Dec 6, 2025
CVE: CVE-2025-66513
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw
https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873
https://github.com/nextcloud/tables/pull/2148
https://hackerone.com/reports/3334165

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo