Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

INFO

Published Date :

2025-12-05T16:32:17.359Z

Last Modified :

2025-12-05T18:20:43.503Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66547 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud
  • Nextcloud Enterprise Server
  • Nextcloud Server
  • Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66547.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2 cve-icon cve-icon
https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9 cve-icon cve-icon
https://github.com/nextcloud/server/issues/51247 cve-icon cve-icon
https://github.com/nextcloud/server/pull/51288 cve-icon cve-icon
https://hackerone.com/reports/3040887 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact