CVE-2025-66553 MEDIUM

CVE-2025-66553: Nextcloud Tables app allowed users to view columns metadata information of any table

Vendor Nextcloud
Product security-advisories
Weakness CWE-639 · IDOR
Published December 5, 2025
Last update December 5, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

Key dates

02Disclosure timeline

December 5, 2025 CVE published
December 5, 2025 Record updated