Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.

INFO

Published Date :

2025-12-05T16:18:53.699Z

Last Modified :

2025-12-05T20:02:53.678Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66510 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud
  • Nextcloud Enterprise Server
  • Nextcloud Server
  • Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66510.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59 cve-icon cve-icon
https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57 cve-icon cve-icon
https://github.com/nextcloud/server/pull/55657 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact