Description

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.

INFO

Published Date :

2025-12-05T16:49:46.553Z

Last Modified :

2025-12-05T18:32:44.271Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66546 vulnerability.

Vendors Products
Nextcloud
  • Calendar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66546.

URL Resource
https://github.com/nextcloud/calendar/commit/f41650c3681fc4a4130eb883f5c0899c011326b3 cve-icon cve-icon
https://github.com/nextcloud/calendar/pull/7537 cve-icon cve-icon
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7x2j-2674-fj95 cve-icon cve-icon
https://hackerone.com/reports/3275810 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact