CVE-2025-66556 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2025-66556?

CVE-2025-66556 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66556?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.

Vulnerability Description

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Nextcloud	Talk	>= 20.0.0, < 20.1.8

Related Weaknesses (CWE)

CWE-639

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vPatchVendor Advisory
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041Patch
https://github.com/nextcloud/spreed/pull/15532Issue TrackingPatch
https://hackerone.com/reports/3247386Issue TrackingVendor Advisory

FAQ

What is CVE-2025-66556?

CVE-2025-66556 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conver...

How severe is CVE-2025-66556?

CVE-2025-66556 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66556?

Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Talk.