Vulnerability Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wpp5-4
- https://github.com/nextcloud/tables/pull/1936
- https://hackerone.com/reports/3249624
FAQ
What is CVE-2025-58051?
CVE-2025-58051 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their form...
How severe is CVE-2025-58051?
CVE-2025-58051 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-58051?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.