PT-2025-21658 · Nextcloud+1 · Nextcloud Desktop+1
Nickvergessen · Published 2025-05-16 · Updated 2026-04-29
CVE-2025-47792
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Nextcloud Desktop versions prior to 3.15
Description:
The issue affects Nextcloud Desktop: third-party applications can create link shares for almost all data via the socket API. These shares can then be sent to an external service.
Recommendations:
For versions prior to 3.15, update to version 3.15 to resolve the issue.
As a temporary workaround, consider restricting access to the socket API until the update is applied.
Exploit
Fix
Missing Authorization
Improper Access Control
Affected Products
Debian
Nextcloud Desktop