CVE-2025-66545
MEDIUM · CVSS 3.1: 4.3 · EPSS 13.7%
Published Dec 5, 2025 (6mo ago) · Last Modified Jun 17, 2026 (2w ago)
Description
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2.
CVSS Details
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
Threat Intelligence
EPSS Exploit Probability
13.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-707
Affected Products 6
References 4
- https://github.com/nextcloud/groupfolders/commit/bbe87ebed8da23e9df4db637a76fbc8d36439d58
- https://github.com/nextcloud/groupfolders/issues/4041
- https://github.com/nextcloud/groupfolders/pull/4076
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m
Remediation
- https://github.com/nextcloud/groupfolders/commit/bbe87ebed8da23e9df4db637a76fbc8d36439d58
- https://github.com/nextcloud/groupfolders/pull/4076
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2vrq-fhmf-c49m