Daniele Coppola

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions 3.0.0 through 3.6.4 **Description** The issue allows a malicious server administrator to recover and modify the contents of end-to-end encrypted files. This is a significant concern for users who rely on the Nextcloud Desktop Client for synchronizing files from Nextcloud Server. **Recommendations** For Nextcloud Desktop Client versions 3.0.0 through 3.6.4, upgrade to version 3.6.5 to receive a patch. At the moment, there is no other information about additional mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions 3.0.0 through 3.6.4 **Description** A malicious server administrator can gain full access to an end-to-end encrypted folder, allowing them to decrypt files, recover the folder structure, and add new files. **Recommendations** For Nextcloud Desktop Client versions 3.0.0 through 3.6.4, upgrade to version 3.6.5 to receive a patch.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop client versions 3.0.0 through 3.8.0 Nextcloud Android app versions 3.13.0 through 3.25.0 Nextcloud iOS app versions 3.0.5 through 4.8.0 **Description** A malicious server administrator can gain full access to an end-to-end encrypted folder, allowing them to decrypt files, recover the folder structure, and add new files. **Recommendations** For Nextcloud Desktop client versions 3.0.0 through 3.7.0, update to version 3.8.0. For Nextcloud Android app versions 3.13.0 through 3.24.0, update to version 3.25.0. For Nextcloud iOS app versions 3.0.5 through 4.7.0, update to version 4.8.0.