Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

INFO

Published Date :

2025-12-05T16:22:50.206Z

Last Modified :

2025-12-05T20:05:05.069Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66512 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud
  • Nextcloud Enterprise Server
  • Nextcloud Server
  • Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66512.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5 cve-icon cve-icon
https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63 cve-icon cve-icon
https://github.com/nextcloud/viewer/pull/3023 cve-icon cve-icon
https://hackerone.com/reports/3357808 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact