CVE-2025-66512

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

CVSS v3.1 Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Weakness Type (CWE)

CWE-80 CWE-80

CWE-79 Cross-site Scripting (XSS)

Affected Products

Vendor	Product	Versions
nextcloud	nextcloud_server	31.0.0 — 31.0.12
nextcloud	nextcloud_server	31.0.0 — 31.0.12
nextcloud	nextcloud_server	32.0.0 — 32.0.3
nextcloud	nextcloud_server	32.0.0 — 32.0.3

References

Advisories & Patches

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc5 https://github.com/nextcloud/viewer/commit/5044a27d61bc40c0f134298d36af91f865335b63 https://hackerone.com/reports/3357808

Other References

https://github.com/nextcloud/viewer/pull/3023

Frequently Asked Questions

What is CVE-2025-66512? +

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page. It has a CVSS v3.1 base score of 5.4 (MEDIUM).

How severe is CVE-2025-66512? +

CVE-2025-66512 has a CVSS v3.1 score of 5.4 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-66512? +

CVE-2025-66512 affects products from nextcloud, specifically: nextcloud_server. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-66512? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover …

CVE-2026-40875

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen …

CVE-2025-71310

The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a …

CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 …

CVE-2025-25299

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting …

CVE-2025-22274

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. …