/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-3gxh-8q9g-qj8g

Published

Last updated

https://images.chainguard.dev/security/CGA-3gxh-8q9g-qj8g
Package

nextcloud-server-30

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-64500
  • GHSA-3rg7-wf37-54rm

Severity

7.3

High

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-64500
  • https://github.com/advisories/GHSA-3rg7-wf37-54rm

Updates

Status

Pending upstream fix

Impact

nextcloud imports http-foundation via the nextcloud thirdparty submodule[1]. Upstream maintainers will need to release a new version of nextcloud to incorporate the fixed version of the submodule. [1] https://github.com/nextcloud/server/pull/56401/commits/7b7784966c9bbf44032b18a7c71f6c6f747aa037

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal