Nextcloud Groupfolders - Vulnerability in Shared Folder File Management
CVE-2025-66545

3.5LOW

Key Information:

Vendor: Nextcloud
Status: Security-advisories
Vendor: CVE Published:; 5 December 2025

🔔 Create Nextcloud Vulnerability Alert

What is CVE-2025-66545?

In Nextcloud Groupfolders, prior to specified versions, the system incorrectly allowed users with read-only access to restore files from the trash bin. This oversight compromises data integrity and security within shared folders, enabling unauthorized restoration of potentially sensitive files. The issue has been resolved in later versions, ensuring that only users with the proper permissions can perform such actions.

Affected Version(s)

security-advisories < 14.0.11 < 14.0.11

security-advisories >= 15.0.0-beta1, < 15.3.12 < 15.0.0-beta1, 15.3.12

security-advisories >= 16.0.0, < 16.0.15 < 16.0.0, 16.0.15

References

https://github.com/nextcloud/security-advisories/security...

x_refsource_CONFIRM

https://github.com/nextcloud/groupfolders/issues/4041

x_refsource_MISC

https://github.com/nextcloud/groupfolders/pull/4076

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Dec 4, 2025

CVE-2025-66545 Data

.