Home > Vulnerability Database > CVE-2025-58051

Mend.io Vulnerability Database

CVE-2025-58051

Good to know:

Date: October 16, 2025

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wpp5-4w35-pxq6

Url: https://hackerone.com/reports/3249624

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58051

Url: https://github.com/nextcloud/tables/pull/1936

Url: https://www.mend.io/vulnerability-database/CVE-2025-58051

Severity Score

6.5

Weakness Type (CWE)

Improper Enforcement of Behavioral Workflow

CWE-841

Top Fix

Upgrade Version

Upgrade to version https://github.com/nextcloud/tables.git - v0.7.6;https://github.com/nextcloud/tables.git - v0.8.8;https://github.com/nextcloud/tables.git - v0.9.5

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58051

Good to know:

Date: October 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?