Vulnerability Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Tables | >= 0.6.0, < 0.8.9 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qPatchVendor Advisory
- https://github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231Patch
- https://github.com/nextcloud/tables/pull/2148Issue TrackingPatch
- https://hackerone.com/reports/3334165Issue TrackingVendor Advisory
FAQ
What is CVE-2025-66513?
CVE-2025-66513 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the r...
How severe is CVE-2025-66513?
CVE-2025-66513 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-66513?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Tables.