VYPR
Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025

Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud

CVE-2025-66512

Description

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/Serverllm-fuzzy
    Range: < 31.0.12, < 32.0.3
  • nextcloud/security-advisoriesv5
    Range: >= 32.0.0beta1, < 32.0.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.