Nextcloud Talk Video & Audio Conferencing App Vulnerability in Poll Management
CVE-2025-66556

3.5LOW

Key Information:

Vendor

Nextcloud
Status
Security-advisories
Vendor
CVE Published:
5 December 2025

What is CVE-2025-66556?

A vulnerability exists in the Nextcloud Talk application, which is designed for video and audio conferencing. Before the releases of versions 20.1.8 and 21.1.2, participants with chat permissions could exploit this flaw to delete poll drafts created by other users within the same conversation, based solely on their numeric ID. This unauthorized access could disrupt collaborative decision-making processes during meetings. Updated versions have addressed this issue, reinforcing the integrity of poll management within the application.

Affected Version(s)

security-advisories < 20.1.8 < 20.1.8

security-advisories >= 21.0.0-beta.1, < 21.1.2 < 21.0.0-beta.1, 21.1.2

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/spreed/pull/15532
x_refsource_MISC
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98...
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.