CVE-2025-58051
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-21
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextcloud | tables | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-841 | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Nextcloud Tables allows a user importing a table to specify files on the server. If these files are in a format supported by the PhpSpreadsheet library used by Nextcloud Tables, their content could be included and leaked to the user. This occurs in versions prior to 0.7.6, 0.8.8, and 0.9.5.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of server files to a user, resulting in a confidentiality breach. An attacker with user privileges could access sensitive information stored on the server through this flaw.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Nextcloud Tables app to version 0.7.6, 0.8.8, or 0.9.5 or later to mitigate this vulnerability.