Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.

INFO

Published Date :

2025-05-16T14:09:27.322Z

Last Modified :

2025-05-16T14:50:38.405Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47791 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47791.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37 cve-icon cve-icon
https://github.com/nextcloud/server/pull/49558 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact