Low severity2.6NVD Advisory· Published May 16, 2025· Updated Jun 17, 2026
CVE-2025-47794
CVE-2025-47794
Description
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <29.0.13, <30.0.7, <31.0.1
- nextcloud/security-advisoriesv5Range: >= 26.0.0, < 26.0.13.13
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjqnvdVendor Advisory
- github.com/nextcloud/server/pull/51194nvdIssue Tracking
- hackerone.com/reports/1960647nvdPermissions Required
News mentions
0No linked articles in our index yet.