Medium severity4.3NVD Advisory· Published May 16, 2025· Updated Jun 17, 2026
CVE-2025-47791
CVE-2025-47791
Description
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <28.0.13, <29.0.10, <30.0.3
- nextcloud/security-advisoriesv5Range: >= 28.0.0, < 28.0.13
Patches
Vulnerability mechanics
References
2- github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37nvdPatchThird Party Advisory
- github.com/nextcloud/server/pull/49558nvdPatch
News mentions
0No linked articles in our index yet.