1. Home
  2. CVE Database
  3. CVE-2025-66510
MEDIUM · 4.5

CVE-2025-66510

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contact...

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.

CVSS Score

4.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
NextcloudNextcloud Server>= 28.0.0, < 28.0.14.11

Related Weaknesses (CWE)

CWE-359

References

FAQ

What is CVE-2025-66510?

CVE-2025-66510 is a vulnerability with a CVSS score of 4.5 (MEDIUM). Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contact...

How severe is CVE-2025-66510?

CVE-2025-66510 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66510?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.