Nextcloud Tables Security Flaw Allows Unauthorized Permissions Management
CVE-2025-66513

4.3MEDIUM

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
5 December 2025

What is CVE-2025-66513?

A security vulnerability in Nextcloud Tables allows users to manage sharing permissions without proper restriction, potentially leading to unauthorized access. This flaw was identified in versions prior to 0.8.9, 0.9.6, and 1.0.1, where the mapping of tables to user groups was exposed to users lacking the requisite privileges. The issue has been rectified in the specified versions, emphasizing the importance of software updates in maintaining security integrity.

Affected Version(s)

security-advisories >= 1.0.0-beta.1, < 1.0.1 < 1.0.0-beta.1, 1.0.1

security-advisories >= 0.9.0-beta.1, < 0.9.6 < 0.9.0-beta.1, 0.9.6

security-advisories < 0.8.9 < 0.8.9

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/tables/pull/2148
x_refsource_MISC
https://github.com/nextcloud/tables/commit/b92b9560b1e70a...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-66513 : Nextcloud Tables Security Flaw Allows Unauthorized Permissions Management