CVE-2025-66547

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-66547

Severity

4.3

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Nextcloud Server users can modify tags on files that do not belong to them

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-66547
https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66547.json
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hq6c-r898-fgf2
https://github.com/nextcloud/server/commit/b44f1568f2dc97c746281d99e2342ad679e3d8a9
https://github.com/nextcloud/server/issues/51247
https://github.com/nextcloud/server/pull/51288
https://hackerone.com/reports/3040887

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-66547

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company