CVE-2025-66549
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextcloud | desktop | From 3.0.0 (inc) to 3.16.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes the file path of files inside end-to-end encrypted directories to be sent unencrypted to the server, allowing server administrators to see these paths in log files. This exposure of file path information could potentially lead to confidentiality issues, which may impact compliance with data protection regulations such as GDPR or HIPAA that require protection of sensitive information. However, the vulnerability does not affect data integrity or availability, and the impact is limited to information disclosure of file paths only. Upgrading to Nextcloud Desktop client version 3.16.5 mitigates this risk. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the transmission of unencrypted file paths to the server when manually locking files inside end-to-end encrypted directories using Nextcloud Desktop versions prior to 3.16.5. To detect this on your network, you can monitor network traffic for WebDAV LOCK requests containing cleartext file paths related to end-to-end encrypted directories. Using network packet capture tools like Wireshark or tcpdump, filter for WebDAV LOCK methods and inspect the paths sent. For example, you can use the following tcpdump command to capture WebDAV traffic: tcpdump -i <interface> -s 0 -w capture.pcap 'tcp port 80 or tcp port 443' and then analyze the capture for LOCK requests with unencrypted paths. Additionally, reviewing server log files for cleartext file paths in lock operations can help identify the vulnerability. Note that no specific commands are provided in the resources, but monitoring WebDAV LOCK requests for unencrypted paths is the key detection method. [2, 3]
Can you explain this vulnerability to me?
This vulnerability in Nextcloud Desktop versions prior to 3.16.5 occurs when a user tries to manually lock a file inside an end-to-end encrypted directory. The file path is sent to the server unencrypted, which means server administrators can see the file path in log files, potentially exposing sensitive information.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing the paths of files stored in end-to-end encrypted directories to server administrators. This exposure could lead to privacy concerns or information leakage, as sensitive file paths might be visible in server logs even though the file contents are encrypted.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Nextcloud Desktop sync client to version 3.16.5 or later, as this version fixes the vulnerability where file paths inside end-to-end encrypted directories were sent unencrypted to the server.