ByteOS Network

NVD Vulnerability Details :

CVE-2025-66556

Analyzed

Source-security-advisories@github.com

Published At-05 Dec, 2025 | 18:15

Updated At-09 Dec, 2025 | 16:52

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CPE Matches

Nextcloud GmbH

>>talk>>Versions from 20.0.0(inclusive) to 20.1.8(exclusive)

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

Nextcloud GmbH

>>talk>>Versions from 21.0.0(inclusive) to 21.1.2(exclusive)

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*