VYPR
Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 8, 2025

Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

CVE-2025-66549

Description

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Desktop/Desktopllm-fuzzy
    Range: <3.16.5
  • nextcloud/security-advisoriesv5
    Range: < 3.16.5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.