CVE-2025-66545
LOWDescription
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nextcloud | group_folders |
| nextcloud | group_folders |
| nextcloud | group_folders |
| nextcloud | group_folders |
| nextcloud | group_folders |
| nextcloud | group_folders |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-66545? +
How severe is CVE-2025-66545? +
What products are affected by CVE-2025-66545? +
How do I check if I'm vulnerable to CVE-2025-66545? +
Related Vulnerabilities
Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation …
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation …
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and …
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. …
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. …
Microsoft Management Console Remote Code Execution Vulnerability