Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025

Nextcloud Tables app share information not limited to relevant users

CVE-2025-66513

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.

Affected products

Nextcloud/Tablesllm-fuzzy
Range: <0.8.9 || >=0.9.0 <0.9.6 || >=1.0.0 <1.0.1
nextcloud/security-advisoriesv5
Range: >= 1.0.0-beta.1, < 1.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfwmitrex_refsource_CONFIRM
github.com/nextcloud/tables/commit/b92b9560b1e70a02b103a7aeb9e22e2ab5231873mitrex_refsource_MISC
github.com/nextcloud/tables/pull/2148mitrex_refsource_MISC
hackerone.com/reports/3334165mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000