Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 9, 2025
Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users
CVE-2025-66551
Description
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: >= 0.9.0-beta.1, < 0.9.3
Patches
Vulnerability mechanics
References
4- github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7mitrex_refsource_CONFIRM
- github.com/nextcloud/tables/commit/39f24a62fb41fd7a8bda65325f8bbafdc91c731cmitrex_refsource_MISC
- github.com/nextcloud/tables/pull/1810mitrex_refsource_MISC
- hackerone.com/reports/3137895mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.