Vulnerability Database

314,496

Total vulnerabilities in the database

CVE-2025-66551

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.

Published: Dec 5, 2025
Updated: Dec 6, 2025
CVE: CVE-2025-66551
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
nextcloud / tables	0.4.0	0.8.6
nextcloud / tables	0.9.0	0.9.3

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7
https://github.com/nextcloud/tables/commit/39f24a62fb41fd7a8bda65325f8bbafdc91c731c
https://github.com/nextcloud/tables/pull/1810
https://hackerone.com/reports/3137895

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo