Home > Vulnerability Database > CVE-2025-47792

Mend.io Vulnerability Database

CVE-2025-47792

Good to know:

Date: May 16, 2025

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Severity Score

5.0

Related Resources (6)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65

Url: https://github.com/nextcloud/desktop/pull/7517

Url: https://hackerone.com/reports/1995856

Url: https://security-tracker.debian.org/tracker/CVE-2025-47792

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47792

Url: https://www.mend.io/vulnerability-database/CVE-2025-47792

Severity Score

5.0

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version https://github.com/nextcloud/desktop.git - v3.15.0

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47792

Good to know:

Date: May 16, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?