Medium severity4.1NVD Advisory· Published Feb 13, 2023· Updated Jun 17, 2026
CVE-2023-25160
CVE-2023-25160
Description
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 1.11.8
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/mail/pull/7740nvdPatch
- github.com/nextcloud/security-advisories/security/advisories/GHSA-m45f-r5gh-h6cxnvdVendor Advisory
- hackerone.com/reports/1784681nvdPermissions RequiredThird Party Advisory
News mentions
0No linked articles in our index yet.