CVE-2025-47792 — MEDIUM (5.0)

Q: How severe is CVE-2025-47792?

CVE-2025-47792 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-47792?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Desktop.

Vulnerability Description

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Nextcloud	Desktop	< 3.15.0

Related Weaknesses (CWE)

CWE-284 CWE-862

References

https://github.com/nextcloud/desktop/pull/7517Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-9Third Party Advisory
https://hackerone.com/reports/1995856Permissions Required

FAQ

What is CVE-2025-47792?

CVE-2025-47792 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost ...

How severe is CVE-2025-47792?

CVE-2025-47792 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-47792?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Desktop.