cvedb.io
CVE-2025-47791
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2025-05-16T15:15:47.773 · Last modified 2026-06-17T09:28:41.990

Summary

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.

Affected products

nextcloud — nextcloud_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when nextcloud ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.