CVE-2025-66550
MEDIUMDescription
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4.
Is your site exposed to CVE-2025-66550?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nextcloud | calendar |
| nextcloud | calendar |
References
Frequently Asked Questions
What is CVE-2025-66550? +
How severe is CVE-2025-66550? +
What products are affected by CVE-2025-66550? +
How do I check if I'm vulnerable to CVE-2025-66550? +
Related Vulnerabilities
The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted …
All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the …
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to …
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet …
Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of …
Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using …