Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

INFO

Published Date :

2025-05-16T14:35:25.280Z

Last Modified :

2025-05-16T14:48:34.016Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47794 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47794.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq cve-icon cve-icon
https://github.com/nextcloud/server/pull/51194 cve-icon cve-icon
https://hackerone.com/reports/1960647 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact