Unrated severityNVD Advisory· Published May 16, 2025· Updated May 16, 2025
Nextcloud Desktop 3rdparty applications can create share links via socket API
CVE-2025-47792
Description
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: < 3.15
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/desktop/pull/7517mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65mitrex_refsource_CONFIRM
- hackerone.com/reports/1995856mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.