Vulnerability DatabaseCVE-2025-66552
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-66552
December 05, 2025
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
Affected Packages
https://github.com/nextcloud/server.git (GITHUB):
Affected version(s) >=v1.1 <v30.0.9
Fix Suggestion:
Update to version v30.0.9
https://github.com/nextcloud/server.git (GITHUB):
Affected version(s) =v31.0.0 <v31.0.1
Fix Suggestion:
Update to version v31.0.1
Related ResourcesĀ (4)
https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6
https://hackerone.com/reports/2890071
https://github.com/nextcloud/server/pull/50992
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Insufficient Logging
CWE-778
EPSS
Base Score:
0.03