VYPR
Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 8, 2025

Nextcloud Deck app allows to spoof file extensions by using RTLO characters

CVE-2025-66548

Description

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into download files with a different extension than what is displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/Deckllm-fuzzy
    Range: <1.12.7
  • nextcloud/security-advisoriesv5
    Range: >= 1.15.0-beta.1, < 1.15.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.