CVE-2025-66556

Опубликовано: 05 дек. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Ссылки

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh
Patch
Vendor Advisory
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725
Patch
https://github.com/nextcloud/spreed/pull/15532
Issue Tracking
Patch
https://hackerone.com/reports/3247386
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

Версия от 20.0.0 (включая) до 20.1.8 (исключая)

cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*

Версия от 21.0.0 (включая) до 21.1.2 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639

EPSS

Процентиль: 1%

0.00011

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-639