Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025

Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

CVE-2025-66556

Description

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Affected products

Google/Talkllm-fuzzy
Range: <20.1.8, <21.1.2
nextcloud/security-advisoriesv5
Range: < 20.1.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jhmitrex_refsource_CONFIRM
github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725mitrex_refsource_MISC
github.com/nextcloud/spreed/pull/15532mitrex_refsource_MISC
hackerone.com/reports/3247386mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000