PT-2025-21657 · Nextcloud+1 · Nextcloud Server+2

Nickvergessen · Published 2025-05-16 · Updated 2025-09-19 · CVE-2025-47791

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
Nextcloud Server versions prior to 28.0.13
Nextcloud Server versions prior to 29.0.10
Nextcloud Server versions prior to 30.0.3
Nextcloud Enterprise Server versions prior to 28.0.13
Nextcloud Enterprise Server versions prior to 29.0.10
Nextcloud Enterprise Server versions prior to 30.0.3

Description: Nextcloud Server is a self-hosted personal cloud system. A currently unused endpoint for verifying a share recipient was not protected correctly, which allowed requests to be proxied to another server. No known workarounds are available.

Recommendations:
For Nextcloud Server versions prior to 28.0.13, update to version 28.0.13 or later.
For Nextcloud Server versions prior to 29.0.10, update to version 29.0.10 or later.
For Nextcloud Server versions prior to 30.0.3, update to version 30.0.3 or later.
For Nextcloud Enterprise Server versions prior to 28.0.13, update to version 28.0.13 or later.
For Nextcloud Enterprise Server versions prior to 29.0.10, update to version 29.0.10 or later.
For Nextcloud Enterprise Server versions prior to 30.0.3, update to version 30.0.3 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-07168
CVE-2025-47791
GHSA-C7VQ-M7F8-RX37

Affected Products

Nextcloud Enterprise Server
Nextcloud Server
Red Os