Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025
Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy
CVE-2025-66208
Description
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <25.04.702
- Range: < 25.04.702
Patches
Vulnerability mechanics
References
1- github.com/CollaboraOnline/online/security/advisories/GHSA-j3q6-q5pc-v5wfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.