Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025

Nextcloud Tables app allowed users to view columns metadata information of any table

CVE-2025-66553

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.

Affected products

Nextcloud/Tablesllm-fuzzy
Range: <0.8.7 || <0.9.4
nextcloud/security-advisoriesv5
Range: >= 0.9.0-beta.1, < 0.9.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjwmitrex_refsource_CONFIRM
github.com/nextcloud/tables/commit/e975f5bfedb6922f04cdd236cde4e26067fe064emitrex_refsource_MISC
github.com/nextcloud/tables/pull/1891mitrex_refsource_MISC
hackerone.com/reports/3138721mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000