Description

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.

INFO

Published Date :

2025-12-04T00:00:00.000Z

Last Modified :

2025-12-11T15:04:25.726Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59788 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud
  • Nextcloud Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59788.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r cve-icon cve-icon
https://nextcloud.com cve-icon cve-icon
https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact