CVE-2025-47791

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37	Patch Third Party Advisory
https://github.com/nextcloud/server/pull/49558	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

19 Sep 2025, 17:41

Type	Values Removed	Values Added
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37 -~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37 - Patch, Third Party Advisory
References	~~() https://github.com/nextcloud/server/pull/49558 -~~	() https://github.com/nextcloud/server/pull/49558 - Patch
First Time		Nextcloud Nextcloud nextcloud Server
CPE		cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::* cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*

19 May 2025, 13:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-16 15:15

Updated : 2025-09-19 17:41

NVD link : CVE-2025-47791

Mitre link : CVE-2025-47791

CVE.ORG link : CVE-2025-47791

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-47791", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-05-16T15:15:47.773", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c7vq-m7f8-rx37", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/pull/49558", "tags": ["Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available."}, {"lang": "es", "value": "Nextcloud Server es un sistema de nube personal autoalojado. En Nextcloud Server anteriores a las versiones 28.0.13, 29.0.10 y 30.0.3, y en Nextcloud Enterprise Server anteriores a las versiones 28.0.13, 29.0.10 y 30.0.3, un endpoint no utilizado para verificar el destinatario de un recurso compartido no estaba protegido correctamente, lo que permit\u00eda redirigir las solicitudes a otro servidor. Este punto final se elimin\u00f3 en Nextcloud Server 28.0.13, 29.0.10 y 30.0.3, y en Nextcloud Enterprise Server 28.0.13, 29.0.10 y 30.0.3. No se conocen soluciones alternativas.\n"}], "lastModified": "2025-09-19T17:41:47.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "183FEE7F-8CD0-49A0-9AE8-7058C1AB46B5", "versionEndExcluding": "28.0.13", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "43A18ADD-DDBA-4FB6-A709-2E70A81AF65B", "versionEndExcluding": "28.0.13", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4F0D2EC4-7F37-45FD-B8F6-82B2071AF1D5", "versionEndExcluding": "29.0.10", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "AD04409F-4A6C-4C89-9A47-F515187C66B7", "versionEndExcluding": "29.0.10", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4FDE5A-9BAE-442E-80B2-6FA1B796633B", "versionEndExcluding": "30.0.3", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F53CB1-26C6-450E-AED8-22A36C8E6F49", "versionEndExcluding": "30.0.3", "versionStartIncluding": "30.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}