File Inclusion Vulnerability in Nextcloud Tables by Nextcloud
CVE-2025-58051

6.5MEDIUM

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
16 October 2025

What is CVE-2025-58051?

The Nextcloud Tables application allows users to create custom tables with specific columns. However, prior versions up to 0.7.5, 0.8.7, and 0.9.4 are susceptible to a file inclusion vulnerability. Attackers may exploit this flaw by importing tables and specifying files on the server. If these files are formatted in line with the PhpSpreadsheet library's requirements, their contents may be inadvertently exposed to the attacker, leading to potential data leaks. Users are strongly advised to upgrade to versions 0.7.6, 0.8.8, or 0.9.5 to mitigate this risk.

Affected Version(s)

security-advisories >= 0.7.0, < 0.7.6 < 0.7.0, 0.7.6

security-advisories >= 0.8.0, < 0.8.8 < 0.8.0, 0.8.8

security-advisories >= 0.9.0, < 0.9.5 < 0.9.0, 0.9.5

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/tables/pull/1936
x_refsource_MISC
https://hackerone.com/reports/3249624
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-58051 : File Inclusion Vulnerability in Nextcloud Tables by Nextcloud