CVE-2025-66545
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-09
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextcloud | group_folders | Up to 14.0.11 (exc) |
| nextcloud | group_folders | From 15.0.0 (inc) to 15.3.12 (exc) |
| nextcloud | group_folders | From 16.0.0 (inc) to 16.0.15 (exc) |
| nextcloud | group_folders | From 17.0.0 (inc) to 17.0.14 (exc) |
| nextcloud | group_folders | From 18.0.0 (inc) to 18.1.8 (exc) |
| nextcloud | group_folders | From 19.0.0 (inc) to 20.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-707 | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows users with read-only permissions to restore deleted files, which compromises data integrity by enabling unauthorized file restoration. Such unauthorized access and modification of data could lead to violations of compliance requirements in standards like GDPR and HIPAA, which mandate strict access controls and data integrity protections. Therefore, if exploited, this vulnerability could negatively impact compliance with these regulations by allowing unauthorized data recovery and access control violations. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing whether a user with read-only permissions on a Nextcloud Groupfolders team folder is able to restore deleted files from the trash bin, which should not be allowed. A practical detection method involves reproducing the issue:

1. Create a group and assign it to a team folder with all permissions enabled.
2. Set the group's permissions to read-only (disable editing).
3. Upload and then delete a file in the team folder.
4. Log in as a user in the read-only group and attempt to restore the deleted file from the trash bin.

If the user can restore the file despite read-only permissions, the vulnerability is present. There are no specific network commands or automated detection scripts provided in the resources. Detection is primarily done through permission and functionality testing within the Nextcloud interface. [3]
Can you explain this vulnerability to me?
This vulnerability in Nextcloud Groupfolders allows a user with read-only permission to restore a file from the trash bin, which they should not be able to do. It affects versions prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, and has been fixed in these versions.
How can this vulnerability impact me?
The vulnerability can impact you by allowing users with only read-only access to restore deleted files, potentially leading to unauthorized changes or data recovery actions that violate intended access controls. This could undermine data integrity and control within shared group folders.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Nextcloud Groupfolders to one of the fixed versions: 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, or 20.1.2. This will prevent users with read-only permission from restoring files from the trash bin.