MEDIUM🇬🇧 English

CVE-2025-47792

CVSS 5.0v3.1pub. 2025-05-16upd. 2025-09-08

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
  • Nextcloud Desktop

    APP
    Nextcloud
    < 3.15.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-46958CRITICAL9.1PL ✓ten sam produkt

Nextcloud Desktop Client — błędne uprawnienia zsynchronizowanych plików na Linux

CVE-2021-37617HIGH7.3ten sam produkt

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextclo...

CVE-2021-22879HIGH8.8ten sam produkt

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of UR...

CVE-2020-8225HIGH7.5ten sam produkt

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about use...

CVE-2020-8224HIGH7.8ten sam produkt

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious Ope...