Home > Vulnerability Database > CVE-2023-25821

Mend.io Vulnerability Database

CVE-2023-25821

Good to know:

Date: February 24, 2023

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25821

Url: https://hackerone.com/reports/1724016

Url: https://github.com/nextcloud/server/pull/34502

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7w6h-5qgw-4j94

Url: https://www.mend.io/vulnerability-database/CVE-2023-25821

Severity Score

7.5

Top Fix

Upgrade Version

Upgrade to version v24.0.7,v25.0.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25821

Good to know:

Date: February 24, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?