ByteOS Network

NVD Vulnerability Details :

CVE-2025-66510

Analyzed

Source-security-advisories@github.com

Published At-05 Dec, 2025 | 17:16

Updated At-10 Dec, 2025 | 16:12

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Nextcloud GmbH

>>nextcloud_server>>Versions from 28.0.0(inclusive) to 28.0.14.11(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 29.0.0(inclusive) to 29.0.16.8(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 30.0.0(inclusive) to 30.0.17.3(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 31.0.0(inclusive) to 31.0.10(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 31.0.0(inclusive) to 31.0.10(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Nextcloud GmbH

>>nextcloud_server>>Versions from 32.0.0(inclusive) to 32.0.1(exclusive)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-359	Primary	security-advisories@github.com

CWE ID: CWE-359

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59	security-advisories@github.com	Patch Vendor Advisory
https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57	security-advisories@github.com	Patch
https://github.com/nextcloud/server/pull/55657	security-advisories@github.com	Issue Tracking

Hyperlink: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-495w-cqv6-wr59

Source: security-advisories@github.com

Resource:

Patch

Vendor Advisory

Hyperlink: https://github.com/nextcloud/server/commit/e4866860cbf24a746eb8a125587262a4c8831c57

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/nextcloud/server/pull/55657

Source: security-advisories@github.com

Resource:

Issue Tracking

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History