cvedb.io
CVE-2025-66515
LOW · CVSS 2.7
EPSS exploitation probability: 0%
Published 2025-12-05T18:15:57.623 · Last modified 2026-06-17T09:56:58.117

Summary

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

Affected products

nextcloud — approval

Does this affect you?

Add your gear to cvedb and we'll alert you only when nextcloud ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.