CVE-2025-47793

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 30.0.2 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 28.0.1 Nextcloud Enterprise Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 29.0.9 Nextcloud Groupfolders app versions prior to 18.0.3 Nextcloud Groupfolders app versions prior to 17.0.5 Nextcloud Groupfolders app versions prior to 16.0.11

Description: The issue concerns the absence of quota checking on attachments in Nextcloud Server and Nextcloud Groupfolders app, allowing logged-in users to upload files exceeding the group folder quota.

Recommendations: For Nextcloud Server version prior to 30.0.2, update to version 30.0.2 or later. For Nextcloud Server version prior to 29.0.9, update to version 29.0.9 or later. For Nextcloud Server version prior to 28.0.1, update to version 28.0.1 or later. For Nextcloud Enterprise Server version prior to 30.0.2, update to version 30.0.2 or later. For Nextcloud Enterprise Server version prior to 29.0.9, update to version 29.0.9 or later. For Nextcloud Groupfolders app version prior to 18.0.3, update to version 18.0.3 or later. For Nextcloud Groupfolders app version prior to 17.0.5, update to version 17.0.5 or later. For Nextcloud Groupfolders app version prior to 16.0.11, update to version 16.0.11 or later.